10 ways to improve business and consumer data security

Data security is paramount in business, not only to comply with legal obligations, but to ensure the viability of your business and protect consumer data. With more and more businesses using secure cloud storage as well as local data storage, it’s important to understand the risks and how you can improve your data security.

We’ve put together ten ways you can make business and consumer data more secure.

1. Regularly change passwords

Experts strongly recommend against using things like a dictionary-based root word, with transformations at the end for multiple (or even the same) accounts e.g. stapler673, mostly because it can be very predictable. The best method is using mnemonics to create a seemingly random password that has meaning only to you e.g. “I believe you have my stapler! It’s the red Swingline stapler” could be transformed to “#ibYhM5!-iTr$15”, which also incorporates some symbols and “leetspeak” in replacing the S in stapler with a 5. Even “leetspeak” in full by itself – i.e. wr1t1ng w0rd5 l1k3 7h15, isn’t safe anymore as it’s a well-known transformation that dedicated password crackers account for.

Dictionary words should always be avoided. Never use predictable patterns to create passwords (this can be especially bad in a business context). Consider using a password manager that does local storage rather than cloud storage only (that way you can control where the encrypted password file is kept). Most also offer random password generation so you don’t have to think of a new, unique password yourself and remember it every time.

2. Back up data to encrypted cloud storage

More and more businesses are using encrypted – or ‘secure’ – cloud storage to store their data. Data security options vary from platform to platform. You should ensure you understand what the platform’s data security management includes and what will happen if your data is lost. In most cases, the onus is on you to back up your data even when using encrypted cloud storage. You can do this locally or through another cloud provider.

Don’t forget that it’s important to disconnect from, or log out of cloud storage when you finish your session. Ransomware has been known to look for and infect both physical and cloud storage, encrypting even those files and holding them for ransom, rendering the entire service useless as a backup.

3. Check your antivirus software

To be effective, your antivirus software needs to be current and have the appropriate functions required by your business available and functioning. Cyber-attacks through applications (Apps) are becoming more and more common, so it’s a good idea to have application whitelisting enabled. This allows you to identify specific Apps which are allowed on your business computers, and stops any other Apps from being downloaded and launched.

4. Check your teams’ administration permissions

Administrators are team members who have more access to data and system settings than other users. Administrators’ computers are therefore often the first to be targeted in a cyber-attack. The more administrators you have, the more weaknesses there are in your system. It’s a good idea to regularly review the list of administrators on your system, and remove administrator permissions from people who don’t need them. Also, always change default administrator passwords on devices such as computers, routers and modems.

5. Extra protection on important information

Protect access to sensitive information with unique passwords. Ensure that the password is different to other important business logins (e.g. banking, server, website). Where practical, also try to use a different computer altogether for internet-enabled activities like web browsing and email, to handling sensitive information such as your accounting system or customer database.

6. Stay updated

At least one person in your business should have responsibility for staying updated on data security threats. You can sign up for alerts on the Government website, Stay Smart Online. The same person should be responsible for flagging information that needs to be shared with executives or the broader business.

7. Beware of spam, phishing and social engineering

A spam filter on your company email will go some way to addressing unwanted mail, but it’s essential to educate your team about the risks of clicking on links online, within social media and in emails, texts and messages. Clicking on links can download malware (intentionally malicious software) onto computers, spreading viruses throughout the network and compromising data security. You should also be wary of friends requesting money on Facebook, and to check the URL on banking and other pages to ensure that it’s the correct site and not a fake page you’re logging into (look for the padlock symbol at the start of the URL when logging in).

8. Accepting credit card payments

It is unsafe to send or receive credit card details over email. To protect yourself and your customers, use a PCI DSS-compliant gateway like SecurePay, a business of Australia Post. It accepts payments from all major cards and is also integrated with PayPal.

9. Install application and operating system updates and patches within 48 hours

As vulnerabilities in applications and operating systems are identified, developers provide patches (updates) to strengthen the applications and systems’ security. Hackers and spies can create malware to take advantage of identified weaknesses in around 48 hours (eight hours is one of the quickest turnarounds) so it’s important to install new updates and patches on all devices as soon as possible.

10. Secure your mobile phone

Viruses can be downloaded through SMS, MMS and malware. Consider antivirus software for your mobile phone, ensure your phone is password locked, and activate phone finding and remote locking/wiping software.