Blog It’s Data Privacy Day!

Passwords and multi-factor authentication

We can’t stress enough how important it is to have a unique password for sensitive data accounts such as emails, banking and cloud service accounts, if not for all of your accounts. Best practise is to have three random words combined and include numbers and other characters too. Encrypting internal spreadsheets that include sensitive data with a password is also good practise to reduce the risk of that data being accessed if it is stolen.

For added security, we would recommend using multi-factor authentication on all high-risk accounts, such as banking or website logins. Using an app, such as Google authenticator is best practise, but SMS or email is also better than not having it at all.

Be wary of third-party plugins on your website

If you have an ecommerce website where customers enter sensitive data, such as credit card information then be extra vigilant when adding plugins to the site. The newsworthy data breach from Ticketmaster who had their customer credit card data stolen via a chatbot on their checkout page is a lesson for us all to be extra cautious when implementing new website features.

Only collect the data you need

The GDPR became law over two years ago, and whilst many of you will know the ins and outs of data processing and storage, it’s important to regularly review the data you’re collecting and ensure there is a valid reason for collecting it.

Robust cyber security practises

Ensuring your organisation’s network is secure from a cyber-attack is another key aspect of data privacy. Embedding best practises from ISO27001 or Cyber Essentials will reduce the risk of data theft.

We would recommend Cyber Essentials as a minimum for keeping your organisation cyber safe, and if you process sensitive data then you may want to consider complying to the ISO27001 standard for Information Security Management.

Further information

Data breaches can have serious consequences on an organisation, from fines to loss of reputation. Putting in place the proper processes and security measures for data privacy is key for business continuity. For more information on the data privacy, GDPR, UK Data Protection, Cyber click the links below to read our simple guides which offer helpful advice and access to our free implementation documents.

Read more:

• What is the EU GDPR
• What is the UK GDPR
• What is ISO 27701 – Privacy Information Management System 
• What is ISO 27001 – Information Security Management System 
• What is Cyber Essentials?

CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.

For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.

More ISO Guidance