Data protection is the key aspect of information security in an Organization. The intention of data protection is to protect data from being available to unauthorized users. Data protection can be achieved successfully not only by technical controls but also by appropriate user awareness and responsible actions. This blog lists few data protection tips for Organizations in the form of do’s and don’ts that can be used to improve information security awareness and performance. Throughout the section below, “you” or “your” means the employee or contractor of an Organization.

1. Do backup your data regularly on official cloud drive or an encrypted & authorized external hard drive.
2. Do classify the information as per the Organization’s information classification scheme.
3. Do store Customer data only for the period as mutually agreed in the contract.
4. Do shred hard copies containing sensitive information while securely retaining the original hard copy. 
5. Do handle copyrighted data with care and as per appropriate authorization.
6. Do clear the “download” folder preferably on a daily basis since there are chances that you have downloaded sensitive files which sits unprotected in your system.
7. Do obtain written consent from the author of a piece of information before sharing it with others.
8. Do encrypt sensitive data in your system. 
9. Do not write sensitive information in the body of the email. Instead include the sensitive information in an attachment and protect it with a password.
10. Do not copy official data to personal email accounts.
11. Do not share data with personal ids of external interested parties including Customers. 
12. Do not modify data unless you are authorized to do so.
13. Do not delete data in your systems unless you have a justifiable reason and authorization to do so.
14. Do not copy sensitive information to pen drives or hard disk drives unless authorized to do so. 
15. Do not store your (employee) personal data in an officially allotted device.
16. Do note store official data in personal smartphones or tablets.
17. Do not use your personal email id for official purposes.
18. Do not divulge sensitive information intentionally or unintentionally during telephonic conversations with unauthorized personnel.
19. Do not spam Customers and other interested parties with unwanted information.
20. Do not store passwords in your system.
21. Do not write down passwords and pin them to your workstation board. 
22. Do not download files from unauthorized sites.
23. Do not take photos or videos of official information from your personal cameras or smartphones. 
24. Do not misuse or sell official data for personal gain.
25. Do not secretly store copies of unprotected sensitive data in your system.
26. Do not overwrite existing data unless authorized. 
27. Do not transmit data on an unsecure network.

The above data protection tips for organizations can even be used as a checklist for Data security monitoring purposes.

Article by: Sudhir G K, Information security Consultant, Inzinc Consulting India

Contact us