Securing Employee Personal Data: Going Beyond a Data Protection Policy

Posted by Corrin Jones on March 14, 2019

Protecting your company data isn't always enough; sometimes you need to protect employee data as well. Employees are targets for cyberattacks—and if their data is breached the company could suffer a breach as well. Businesses should encourage their employees to keep their data safe, as well as, initiating a data protection policy. If employees are to keep any type of company data on their personal devices they need to be able to follow basic data protection training.

Leverage Technology 

Employees must secure their logins through the strongest authentication tools available on each platform. Biometrics, security keys, unique one-time codes and two-factor or three-factor authentication are all more secure than a single password or PIN. Usernames and passwords alone are not enough to protect desirable accounts such as email accounts, banking, and social media. 

With a mobile device management solution or a mobile application manager, businesses can improve the security on an employee's device without risking the employee's personal data. A mobile device management solution will secure a device against threats without the need for an employee to change their habits or invest their own time into security.

Utilize Password Best Practices

One of the simplest, but critical, ways to keep data safe is with strong password protection. Here are some tips:

  • If your company's password standards haven't been updated in some time, now is the time to do it. Employees will need to follow corporate guidelines on length and complexity for their business accounts, but they should also follow them for their personal accounts, too. Breaking into an employee's email address, for instance, could make them vulnerable to other attacks.

  • Every password should be completely unique. If you reuse passwords, you increase the chances of having multiple accounts attacked.

  • Make sure the more important accounts have the strongest passwords. 

  • Make sure passwords are more than 16 characters in length. The longer the passwords are, the better.

  • Make your password a phrase or a sentence, such as "I love classical music!" Focus on a sentence that you will easily remember.

  • Don't share your passwords with anyone else and don't write them down (especially not somewhere in your office).

  • If you do need to store your passwords somewhere, store them in a password manager which is also well-secured.

  • Regularly update your passwords, at least once every six months but ideally once every three months.

  • Instead of using standard security questions, consider using generated passwords. Security questions are now very easy to figure out.

As you can see, passwords these days need to be highly complex. That can also make it an issue because a complex password is very difficult to remember. A password manager makes it easier to maintain highly complex passwords that are also frequently changed. Of course, that also means you need to properly secure the password manager itself.

You can find a password manager by searching  "free password manager" online. Look for a password manager that has excellent reviews. You may also want to invest in a single sign-on solution for company purposes, as this will reduce the number of passwords the user needs to remember.

Provide Data Protection Training

In addition to proper password hygiene, data protection training is also important. Employees need to understand what is at risk, in addition to how they can protect both their business data and their personal data. 

  • Employees should be educated on new threats to their data. Threats are constantly evolving, and employees may not be aware of new types of phishing attempts or malware. 

  • Educate employees on personally identifiable information and the data that must often be protected. Employees may not be aware of how dangerous some data can be.

  • Discuss the potential dangers of mobile device use, as well as, how mobile devices could potentially harm both their own security and the security of the business.

  • Introduce technology such as password keepers to employees, which can make sure that employees have the resources and tools they need to protect themselves and the business.

Employees are going to need constant training and education regarding new threats to their data. A refresher on training can tackle new, emerging threats, as well as, what they can do to defend themselves. 

Through both data protection training and a data protection policy, your organization will be able to keep your employees and its own data safe. Employees have a vested interest in protecting their own data, but they may need to be encouraged with the use of a rigorous data protection policy.  When training isn't enough, you're going to need technology. You can keep employee data safe with Cloud Assist 365 MobilityPlus.

2019 Cybersecurity Threat Ebook

Topics: Data Protection Policy