Data is the new oil in today’s digital world. In light of numerous and sophisticated threats, it is imperative that all businesses look at protecting their valuable data. In February-March 2021 alone, the number of data breach alerts to PDPC tripled compared to the previous two months.[1] Several local companies have also been fined a total of $75,000 for breaches that have affected the personal data of more than 600,000 individuals.[2]
With the newly enhanced PDPA, penalties are now also imposed on individuals (including employees) who mishandle personal data. Here are 8 key tips to protect yourself, the business and your company data.
Data Protection Tips for SMEs
1 | Instil a security culture
Educate employees about social engineering attacks such as email phishing by providing security awareness training. Ensure that they are aware of the various forms of attacks and the ways to avoid them with cyber threat exercises. Provide refresher classes to keep them updated on the latest best practices in compliance with the PDPA.
2 | Have a set of security policies
Establish data protection policies and keep this framework up-to-date to secure the business from both internal and external threats. Your policy should cover areas relating to data confidentiality, access and control, acceptable use of data, data backup, retention and disposal.
3 | Carry out risk and gap analysis
Engage an external data protection advisor to review existing data protection policies and practices annually and to recommend actionable risk-mitigation enhancements, so that you keep up with your changing business needs, the cybersecurity landscape and PDPA regulatory requirements.
4 | Create and test your response plan
Data breaches are inevitable, but with a robust response strategy in place, you can minimise business disruptions and the costly consequences of a data breach. Your data breach framework should include containment processes, risk and impact analysis, mandatory notification requirements, and clearly defined roles and responsibilities for your incident response team members.
Data Protection Tips for Everyday Users
1 | Use a unique and complex password
Always use a mix of letters, numbers, and symbols in your passwords, but never personal data such as your birthday. For added protection, enable multi-factor authentication whenever possible. To help you create and manage strong, unique passwords for every account, you can use a trustworthy password management application.
2 | Update your software regularly
Never overlook the pesky reminders to update your software. Turn on automatic system updates on your device to ensure that outdated features are removed. This will not only keep your systems stable, but will also keep your devices protected from new threats that take advantage of system vulnerabilities.
3 | Protect your privacy on social media
Providing personally identifiable information (PII) on your social media profile may appear harmless, but it can be used to scam you or serve you unnecessary ads. Go to the privacy settings to limit what appears on your accounts. Note that most default settings may permit the sharing of your information with other third-party online users, so read and understand the privacy terms before use.
4 | Do not tap on free Wi-Fi
Connecting to an unsecured network only gives cyber criminals a free entry point. If you have no other choice, always check with those working at the location for the Wi-Fi's name and IP address. To make public Wi-Fi more secure, you can also consider using a VPN app to encrypt your local data traffic.
Need help to co-manage your data protection and PDPA compliance responsibilities? Check out DPO2SME.