Latest News and Announcements: Article: Personal Devices
Your lost USB stick could cost your company £1000s!
By Michael Pitfield, TrueSwift Ltd
A few weeks ago I posted an item on LinkedIn about finding a lost USB stick that contained sensitive data. It generated a great deal of discussion about the implications of tighter data protection laws for the way in which we all use data accumulated by our organisations and/or ourselves as individuals.
In our mobile world, as well a USB sticks, our phones, tablets, laptops, and the cloud could all contain data that traditionally would (hopefully!) have been kept securely on mainframe computers or in safe networks.
The enforcement of the General Data Protection Regulation (GDPR) places an injunction on us all to be much more aware of our personal responsibility for compliance with its requirements if we are not to run the risk of laying our employing organisations open to huge fines.
So, what is to be done?
What can an organisation do?
- optimise technical and organisational security measures - good systems and clear policies
- ensure that employees understand that all devices should be password-protected
- ensure that all personal/sensitive data is encrypted
- maintain/update firewalls and passwords
- ensure off-site data centres and cloud providers have high levels of security - you are responsible for the data stored
- have systems in place for speedily reporting breaches of security
- test security systems regularly
What can an individual do?
- comply with organisational policies and procedures
- ensure devices are password protected
- not leave devices unattended
- not leave devices turned on while in transit
- not leave devices in standby/sleep/hibernation mode
- be aware of potential threats - such as theft
- avoid using devices in public places and areas of public wifi access
- use common sense!
These bullet points are not exhaustive other readers may have further suggestions/comments, these are welcome. The aim of this article is to get people thinking more about Personal Data Storage and to share experiences, concerns and information.
To keep fully updated upon all aspects pf GDPR join the GDPR UK group on LinkedIn. You can join at https://linkedin.com/groups/12016490
To find out more about TrueSwift’s offerings, please get in touch with -
Matt Andree, Head of Business Development