Compliance and regulation are designed to make things safe and secure. But in reality, meeting regulatory requirements can be like unravelling the Gordian Knot itself. Like it or not, regulations, if not adhered to, can make one liable for a hefty fine. But regardless of the standard that one implements, there are common principles that should be upheld and key elements that are essential to meeting data compliance regulations. This blog takes a look at some of those considerations and touches on why they’re so important to your organisation.
Access control
Whether data is in the cloud, on hard copies or on local storage arrays, you need to control access to it. A good way to do this is to use a role system, where employees are placed in specific profiles that govern their level of access. I recall an incident in an office building where a scuffle broke out after an employee gained access to the payroll system, saw what other staff earned, and was less than pleased with what he learnt.
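The role system described above, as an added example that is not part of the original post: a small deny-by-default role check in Python. Roles, permissions, user names and salary figures are all constructed for the illustration; every decision, including the denied payroll lookup from the anecdote, is written to an audit list so that the attempt is visible afterwards.

```python
from dataclasses import dataclass

# Constructed sample policy: role -> set of (resource, action) permissions.
# Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "payroll_admin": {("payroll", "read_any"), ("payroll", "update")},
    "employee": {("payroll", "read_own")},
}

# Constructed sample payroll data (hypothetical names and figures).
PAYROLL = {"alice": 52000, "bob": 61000}


@dataclass(frozen=True)
class User:
    username: str
    roles: frozenset


class AccessDenied(PermissionError):
    """Raised when no role held by the user grants the requested permission."""


def permissions_for(user):
    """Union of the permissions granted by the user's roles; unknown roles grant nothing."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def authorize(user, resource, action, audit):
    """Deny by default: record the decision in the audit list, raise if not permitted."""
    allowed = (resource, action) in permissions_for(user)
    audit.append({"user": user.username, "resource": resource,
                  "action": action, "allowed": allowed})
    if not allowed:
        raise AccessDenied(f"{user.username} may not {action} {resource}")


def read_salary(requester, target, audit):
    """Return target's salary only if the requester's roles permit it.

    Looking at your own record needs 'read_own'; anyone else's needs 'read_any'.
    """
    action = "read_own" if requester.username == target else "read_any"
    authorize(requester, "payroll", action, audit)
    return PAYROLL[target]


if __name__ == "__main__":
    log = []
    bob = User("bob", frozenset({"employee"}))
    admin = User("carol", frozenset({"payroll_admin"}))
    print(read_salary(bob, "bob", log))      # permitted: own record
    print(read_salary(admin, "alice", log))  # permitted: payroll_admin
    try:
        read_salary(bob, "alice", log)       # denied: employee reading a colleague
    except AccessDenied as e:
        print("denied:", e)
    for entry in log:
        print(entry)
```

The point of the audit list is that a denied request leaves a trace: a sudden run of denied `read_any` attempts from an `employee` account is exactly the signal that should reach whoever reviews access logs.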
Security
Hackers are not unshaven, coffee-addicted social misfits who operate from dark, mouldy basements hacking into systems and causing cyber-mayhem. They often use social engineering and good old breaking and entering to steal data and breach security systems. Run regular maintenance audits and criminal checks on security personnel. Compartmentalise data and restrict access to areas in the workplace.
Transmission protocols
Always use the best information security software and procedures. Insist on data encryption, even within the business. Secure wireless networks and control access to them, as they're often a target for hackers. Keep software and security applications updated and be careful about what is communicated via email.
Key-holders
Always delegate responsibility to competent people. Staff who either possess keys or access codes need to be made aware of the risk of sharing their access methods with others. Be sure to regularly communicate security loopholes and what’s expected of employees to minimise risk to the organisation.
Data integrity checking
Always run scheduled checks on the integrity of data. I've encountered many cases where backup data was corrupt or had been modified. Regular test restores of backed-up data will ensure that you avoid nasty surprises when the time comes to perform a restore.
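One way to run the scheduled integrity check described above, as an added example that is not part of the original post: record a SHA-256 manifest of the backup set when it is taken, then verify the files against it later. The `demo()` function builds a throwaway backup tree with constructed file names and contents, then simulates the two failures mentioned in the text (a modified file and a missing one) plus an unexpected extra file, and returns what the check reports.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large backup archives don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, POSIX separators) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root, manifest):
    """Compare the backup tree on disk against a manifest taken earlier.

    Returns which files changed, which are gone and which appeared, and an
    overall 'ok' flag that is True only when all three lists are empty.
    """
    current = build_manifest(root)
    report = {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }
    report["ok"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report


def demo():
    """Constructed backup set: take a manifest, damage the copy, re-check it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "db").mkdir()
        (root / "db" / "payroll.sql").write_bytes(b"CREATE TABLE payroll (id INT);\n")
        (root / "config.ini").write_bytes(b"[backup]\nretention_days=30\n")
        (root / "notes.txt").write_bytes(b"quarter-end snapshot\n")

        manifest = build_manifest(root)          # recorded at backup time
        assert verify_manifest(root, manifest)["ok"]

        # Simulate silent modification, loss and an unexpected addition.
        (root / "db" / "payroll.sql").write_bytes(b"CREATE TABLE payroll (id INT);\n-- altered\n")
        (root / "notes.txt").unlink()
        (root / "extra.bin").write_bytes(b"\x00\x01")

        return verify_manifest(root, manifest)   # the scheduled check's result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Store the manifest somewhere the backup job cannot write to (or sign it); a manifest kept next to the backup can be rewritten along with the files it is meant to protect. A test restore, as the text recommends, is still needed to prove the data is usable, not merely unchanged.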
Backup and redundancy
Back up your data securely using multiple methods where possible. Use reputable cloud providers who are data compliant themselves and who have a culture of compliance. Make sure your service provider understands the legalities behind data management and that they have the security of your data assets at heart.
Human error
Train your staff to be very careful about what they post on social networks and what they send via email. Most of all, insist on a password rotation policy, that personnel password-protect their computers and that, as far as possible, they don't store confidential data on laptops and tablets.
Protection of private information
It’s imperative to protect access to and dissemination of personal information. In an age where “kitty pictures” go viral in minutes, one can cause irreparable damage if personal information is leaked.
Compliance needs revisiting on a regular basis
Data compliance is an important aspect of business continuity and disaster recovery. Data theft can have far-reaching consequences and bring a company to its knees. Do not put off data compliance and place your organisation at risk. Think of the potential financial, organisational and reputational damage to your organisation and what it would take to recover from it. But as we move steadily into the next phase of our interconnected digital reality, the challenges and opportunities will present themselves. It’s how we react to them that will determine how agile – and compliant – we ultimately become.