Your Guide to Protecting Data in the Workplace
Data is the new oil. By some estimates, the data created on the internet each day numbers in the quintillions – that’s seventeen digits of information, and a significant portion of that is generated by users and sent to companies for free.
Businesses use this data to chart user preferences, target advertisements, and get feedback on their digital products. Some of this information is very personal and some of it is proprietary. So how can companies best keep this valuable asset protected from prying eyes?
Remote work and the rush to digitize just about everything have created a storm of company data. Read on to find out what steps companies can take at the macro and micro level to protect valuable information.
What Kinds of Information Do Businesses Collect?
Gathering information about users and customers is nothing new. Even before the advent of the internet, businesses would monitor how people behaved in brick-and-mortar stores and alter product arrangements and displays accordingly. The new methods of collecting data might work differently, but they aim to accomplish the same task.
Businesses gather information for various purposes. Here are a few of the most frequently used ones.
If you know anything about user research, you know that companies and designers both need to know how people interact with digital products and services. Websites and apps often track how users put their products to use so that they can improve the design. This is essentially a stream of the best possible feedback a company can get straight from the customer base.
- Personal Data
Anything that can identify who a user is can be considered personal data. There are rules and regulations all over the world aimed at protecting this critically sensitive data. If your company fails to protect it, there may be serious fines, and its reputation with the public could suffer irreparably.
Some of this information might overlap with engagement data. But it can also include general behavior patterns, like when people decide to eat, stream movies, or go to bed. Most people are unaware of the degree to which some big companies measure behavior on a large scale. This kind of information might not be as sensitive as personal data, but people may nonetheless be quite protective of it.
Perceptions, opinions, wants, and even needs can be collected and analyzed. Again, this is part of the normal UX research process and helps companies make better products. Businesses might gather this information via explicit questionnaires and surveys, and people are generally more carefree with this kind of information because it’s not necessarily personal.
Now that you know the four main kinds of user data, let’s take a look at the kind of data most companies are even more worried about.
Proprietary Business Data
Information that is gathered or produced by a company and solely controlled by that company is considered a product of the company just as much as anything they physically manufacture. That can include data gathered from users or through research and development.
Trade secrets are some of the most protected information in the world. Imagine the lengths big companies like Coca-Cola go to so their formula isn’t copied.
As more and more information is gathered from users as they use digital products, companies are gathering formerly unimaginable amounts of information that’s considered proprietary. Managing it, storing it, and protecting it from outsiders is an industry all its own.
How Valuable Is Data?
The perception that our modern age is obsessed with information is not overstated. Individual people might not put too much weight behind behavioral trends or attitudes, but for companies, this kind of data is essentially the only way they can see what’s happening in the market.
Economic indicators are formed by gathering and analyzing data. Customer preferences and behavior are used by companies in the same way. Without getting this kind of information from your users, your company will be flying blind.
Fortunately, gathering data is baked into standard operating procedures today. If you have a digital product, app, or eCommerce platform, the users are already providing data just by clicking and interacting with it. All you need is a mechanism to record that information so designers and other relevant players can analyze it and put it to good use.
Information is the most important asset for a business. Whatever your product or service, the way you provide it or manufacture it must be hidden to some degree from competitors who would otherwise copy the formula for their own gain. That’s why securing proprietary information is key. User information related to preference and behavior is also essential for user-centric products.
Data has come to represent business in the 21st century. So how can companies protect it?
10 Tips for Protecting Company Data
1- Use Passwords
Sounds like a no-brainer, right? Most companies already have login information for their employees to prevent outsiders from getting a look at internal communication and other information. But where they drop the ball is in their password policy.
One of the best ways to ensure the passwords used are as effective as possible is to require employees to change them frequently. Since this is hard to enforce without software that requires such a change regularly, some companies use random password generators that give new login credentials every few minutes.
Companies can also use a password vault to help protect passwords. This makes it easier for employees to work with many different passwords and also encrypts passwords more safely than if they were just written down somewhere. Plus, if an employee leaves or forgets a password, backups can be put in place.
2- Plan for Personal Devices
If your company gathers and uses data, there’s a high likelihood that employees will be accessing it with laptops, computers, phones, tablets, or even wearable tech. Your company will have a huge blind spot if you don’t have a specific plan for how the information will be stored and accessed on these numerous devices.
With remote work becoming more popular all the time, companies must work even harder to present a cohesive plan for how employees are expected to act with regard to hardware. Even if the company is gifting the gear as an additional benefit, employees must be given instructions and clearly defined expectations about how to use the hardware.
This can range from a flat-out ban on personal use to allowing the tech to be used for personal things during off-hours, or it could just be loose guidance for employees to keep the equipment in good condition for when it must be returned. If you want to make sure the rules are fair but effective, get employees involved in creating them.
3- Conduct Background Checks
Looking into new hires’ histories is fairly standard these days. Most companies are only flagging certain related things like theft, but some other indicators are useful for companies who want to protect their data from potential moles.
All manner of things are included on employee background checks, including credit scores and vehicle registration. Employers can use that information as they wish according to the law, but the important stuff for protecting data is criminal history, employment history, and education history.
Most of this information can be used to confirm what’s on the employee’s application. You can also make certain inferences. For example, if they’ve hopped around between many major corporations that have had data breaches, you’d be wise to get suspicious.
4- Employee Awareness
Get your employees involved with data protection and you’re much more likely to be successful. The best way to incentivize securing proprietary information is to make the employees feel like the company data is theirs. For example, let them know they are working to protect information that they gathered themselves or that they use regularly.
This is also a good opportunity to let employees know which of their daily tasks are related to data protection. Explaining how everything works will help keep them from shirking duties or getting lax with their protection.
While you’re guarding all that information, you may as well gather a bit more. If you can measure how employees are following the rules to protect data, reward them for doing so properly for a significant amount of time.
5- Use A Company VPN
A virtual private network, or VPN, encrypts data as it travels between devices and the company’s information hierarchy. This helps toward securing proprietary information while it’s being transferred over the internet. If you have remote workers, a VPN is essential for keeping outsiders from breaking in or seeing data they shouldn’t have access to.
VPNs are typically accessed via password and they can be set up to alert when unauthorized devices are connected. More sophisticated options also exist, but for the most part, once employees are logged onto the VPN their experience won’t be any different than working on the internet from an unsecured device.
Make sure employees are familiar with the VPN, how to use it, and what it can and can’t do. VPNs won’t protect from malware on their own, for instance.
6- Get Rid of Company Data Properly
Companies have to upgrade their hardware from time to time and there is also a ton of data that becomes irrelevant when updated information comes through. The way the company disposes of this information and makes sure old devices are wiped clean is important and often the subject of company data protection rules and regulations.
While incinerating all old devices isn’t realistic or cost-effective, ensuring a device is wiped completely is possible. Take steps to ensure that the device also won’t have access to the cloud, the VPN, or other services.
Old data that has to be deleted from the database should be removed according to a planned process to avoid deleting the wrong thing or moving it to a vulnerable location. Just like you might shred old documents in the days of paper and physical files, you need to also dispose of digital information completely so others can’t find it later.
7- Secure Your WiFi Network
If you do have people working in a brick-and-mortar office, you have to take some steps to make sure outsiders can’t break into the WiFi network there. That’s not only to prevent people from freeloading but also to make sure they can’t access services or hardware that are connected to the network.
Encrypting the network is a good strategy. Encryption keys may not suffice on their own, but you can put stronger encryption in place. Make the network invisible and select a strong password.
With strong enough encryption, you won’t need to change the password for your WiFi all the time the same way you might with a VPN. That’s good news for employees who don’t want to repeatedly log into the network throughout the workday.
8- Antivirus & Updates
Hackers have been around since the early days of the internet but some of their oldest tactics still work to this day. Antivirus software is constructed to keep out these bugs, among them trojan horses, ransomware, and botnets. Make sure the software you choose is updated regularly so it remains effective.
Like the other tips in this guide, ensuring employees understand the antivirus software and know how to update it is important to make sure they use it correctly. If possible, arrange for automatic software updates that can be scheduled outside of working hours for as little intrusion as possible.
These bugs are incredibly annoying and prevent people from working, so employees are generally on board for keeping the antivirus working as it should. Make sure they also have some education about clicking spam emails and other risk factors for getting infected with malware in the first place.
9- Back Up Your Data
You’ll want to protect the data you back up, but you still need to do it. Cloud access makes securing proprietary information easier, but if the network goes down you could lose one of the company’s most valuable assets. That doesn’t mean you should abandon the cloud, though. Many businesses use the cloud as a backup resource.
If you have space or you aren’t dealing with mounting piles of information, you can also back up company data to secured storage hardware periodically to make sure you’re never without it. For companies that deal with personal health records and legal records, this is very important so users can access this information later as needed.
Employees should also understand how they can back up data for particular projects and their overall workload. It will take some of the pressure off them when it comes to ensuring data is safe and prevent panic in a scenario where they don’t know about data backups and think data has been lost forever.
10- Write Out Your Data Protection Strategy
Perhaps the most important of all these tips is to write out an explicit plan for data handling, protection, and deletion. This makes everything clear for employees and helps everyone on the team see when data handling has gone off track. Plus, when you have set rules, you can also draft agreements for clients and users so that they see exactly what data is being collected and why.
If you want to stick to your plan, you have to remember what it is. Make it a part of your onboarding process so every new hire knows and understands the data usage policy just the same as everyone else.
Also, you can incentivize adherence to the plan if you have goals written into it. A regular review might be cumbersome to employees, but it’s usually a fairly fast process that can be tacked onto meetings on different topics. As with most other business practices, this data plan will be more effective if employees can help form it and give feedback when something isn’t working.
Data protection is a key aspect of modern business. Securing proprietary information and company information as well as data gathered from users is crucial for continuing business without interference.
In many places, information about users and consumers is protected under the law. Establishing and following the right data protection protocol is important to avoid fines and other punishment. Plus, protecting user information will enhance the company’s appeal.
Secretive or lax data protection will have the opposite effect. Use the 10 tips in this guide to make sure your company and all your employees keep trade secrets and user data as safe as possible.