You! Shall not! Pass!

25/11/2016


Whenever we start a new project, many people ask us what this "LOPD data protection" consists of. Some have even asked whether our job is to "guard your data so that they are more secure."

No, we do not guard anything.

But your company can. It is as easy as starting to implement security measures on your computer equipment, hard drives, flash drives, laptops, tablets, mobile phones, shelves, general filing cabinets, offices...

As we tell clients, data protection regulations can be said to have four legs:

 

  • Documentary, which includes all the informative clauses and the request for consent required from the data subject; contract drafting; confidentiality agreements with workers; drafting of reports and the Security Document...
  • Computerized security measures, which include all the mechanisms that ensure, in an automated manner, the integrity of the stored data.
  • Non-computerized security measures, which include the measures intended to guarantee the confidentiality of data processed in physical paper documents.

 

The most famous security measure, the one everyone knows, is also the simplest of all: THE PASSWORD

One of the best ways to guarantee that only expressly authorized personnel have access to the personal data stored on the company's equipment and servers is the systematic use of passwords. Regarding their use, we recommend that you:

 

  • Require passwords for logon on all company computers and servers.
  • Set passwords in those personal data management applications that allow it.
  • Use a password-protected screen saver, so that the password is required to resume the session.
  • Enable a limit on repeated unauthorized access attempts to the computer's operating system.
  • Use a unique password for each individual user, thus guaranteeing correct authentication of accesses.
  • Change passwords at whatever interval best suits the type of data handled (minimum once a year).
  • Establish a procedure for notifying users when their passwords are about to expire.
  • Create a procedure for distributing password changes to your workers.
  • Store passwords safely and ensure their confidentiality and integrity.
  • Set sufficiently complex passwords that meet minimum security requirements.
  • And never forget that passwords belong not only on desktop computers, but also on laptops, hard drives, tablets, mobile phones...

 

In addition to the "typical password measure", we suggest other security measures that you can start implementing in your company (once you finish reading this article):

 

  • Manage and control storage media to avoid loss or misplacement of information. All media that allow data to be stored and taken outside the company's premises must be properly inventoried and labeled.
  • Establish protocols for the use of electronic devices in the company, so that everyone knows what can and cannot be done with company-owned devices.
  • Browse the Internet safely: avoid downloading programs or files from unsafe sites; scan everything you download with an antivirus before running it on the computer; delete cookies, temporary files and history when using other people's equipment; disable the 'auto-complete' option if you are on a computer other than your usual one or share your computer with other people.
  • Implement a good IT management system. To do this, have an IT professional (whether internal or external) in charge of installing and maintaining the equipment and applications and of designing the communications system and internal administration privileges.
  • Always use legally licensed software and keep it properly updated, together with appropriate security software: antivirus, firewall, etc.
  • Configure Wi-Fi networks correctly: disable the broadcast of your SSID (the name of your Wi-Fi network) to prevent external equipment from automatically identifying your wireless network data; change the default Wi-Fi password...
  • Set up a procedure for backups and information recovery: control which personnel have access to the copies, make them at adequate intervals, verify that the copies have been made correctly...



Be the Gandalf of your company, and don't let any Balrog enter your computer system.




Idaira Hernandez Peraza

Director of Consultants Peraza & Asociados, SL



Photo source: Google Images tagged for reuse