1. Draw up a proper data security clause – focus on data security rather than non-disclosure
People are often the weakest link when it comes to data security, and employees and contractors must be made aware of the dangers. Many companies adapt a traditional non-disclosure agreement (NDA) to deal with their online data storage. However, NDAs are not the best way to keep your data secure. NDAs tend to cover intentional disclosure of information to third parties, rather than accidental disclosure or disclosure because of hacking or another criminal act.
A data security clause, on the other hand, requires measures such as encryption, passwords, and locked cabinets. It also requires staff background checks, security audits, and the reporting of any leaks. Such clauses must also abide by government regulations and company privacy policies.
NDAs usually have an expiry date of 18 months or three years, or perhaps more. What happens to the information which you hold after that date? You could delete it, but what if you need to keep it and it has to be protected by law? Perhaps it’s something like staff national insurance numbers and banking details.
A data security clause usually has no end date, and information remains protected by it indefinitely.
2. Use a password manager
A password manager helps you avoid reusing the same password across multiple sites or platforms, which people tend to do because they can’t remember a large number of passwords. Reuse is a bad idea: if hackers get hold of one password, they can access multiple accounts with it.
3. Switch on disk encryption
Lose your phone or laptop without enabling this, and anyone can access your information and steal your identity. Think of the damage that could do to you or your company. Some Apple devices have this switched on by default, but if you’re on Windows, Mac OS, or Android, you need to enable it.
4. Encrypt text messages and phone calls
Some mobile apps are much more secure against hacking than your mobile phone provider’s text and messaging service. Apps like WhatsApp or Apple’s FaceTime have higher levels of security built in, without you needing to turn on special features. You could also check out Signal, which is available in Apple’s App Store.
5. Use two-factor authentication for your laptops
This is a secondary level of security after your laptop’s initial password, in case anyone obtains that. It could involve a specialized app for your mobile phone which generates single-use login codes, a number selected at random and sent to your mobile by text, or a U2F security key, which is like a USB drive and is inserted into the USB port.