I am lucky enough to be a member of The Business Network in York and to be able to rub shoulders with many experts. One of these is Andy Gambles from Servertastic, who frequently shares his expertise on data security issues. So, some of these tips are directly attributable to him and some of them have come out of good practice guidelines following on from the GDPR legislation.
- Password length – your passwords for everything should be as long as the year, so now that we are in 2019 you should reset your passwords to be 19 characters long. This is because hacks are done by computers going through all the options. These programs speed up every year and can work out ever more complex passwords more quickly.
- Password repeats – have different passwords for everything, particularly things like your bank account, website and anything with sensitive data.
- Order of characters in passwords – don’t use consecutive numbers or letters, your name, your family’s names or your date of birth. Use a mixture of lower case and upper case, symbols and numbers.
- Have a password policy that sets up a programme for changing all passwords on an annual basis. If you have staff or other people who have access to your passwords (such as outsourced administrators!), make sure you change your passwords if they are no longer employed by you.
- Limit who has access to your passwords: only share them on a “need to know” basis and keep a list of who you have revealed your passwords to.
- Keep a tidy desk and a shredder handy to shred any confidential information you have on paper.
- Lock your computer with a password when you leave your desk so that passers-by can’t look at your data.
- Make sure mobile devices have strong password protection – I have changed my pattern on my smartphone to a long digit password as I was concerned that the shape of the pattern could be seen in certain lights, making it possible to log on.
- Store your information with a credible cloud provider with servers operating only in the EU. This means that you can access it anywhere without having to carry a memory stick around.
- Back up your data on a regular basis.
If you need help with security for your website and other data systems I would highly recommend contacting Andy at Servertastic.
If you need help with Data Protection Law and how to comply, I would recommend contacting Matt Rowley at Harrowell’s Solicitors or visiting their website, where they have a good information resource.