Data growth, cyber crime and hacker attacks: data security is also becoming increasingly important for SMEs. Most work processes in companies are now digital. You can use this checklist to check whether you still have some catching up to do in terms of security.
1. Archive your physical and digital data
Always keep documents and data in a safe place. Otherwise, violations of the Europe-wide GDPR could result in high fines. If you don’t want to archive your data yourself, you can outsource it to specialized service providers. Nowadays, archiving usually also means digitization. Cloud computing is an option to secure your data.
2. Note the retention periods
The laws and regulations on retention periods are becoming more and more complex – and the penalties for non-compliance are tougher. This applies above all to copyright and general personal rights. Check whether you need licenses for archiving or even the consent of your employees. If necessary, get support from external service providers or consultants.
EXTRA: Beware of malicious software: This is how you protect yourself [practical tip]
3. Develop data recovery strategies
Loss of data can threaten the very existence of companies. Therefore, in addition to your backup, save important data externally – for example in an archive center or with a service provider. A backup from the backup, so to speak. Make sure that it is updated regularly and it is best to keep it in the same order as in your data backup system.
4. Make rules
Establish binding internal rules for accessing sensitive information. All employees who work with these should have completed a separate training course and a data protection declaration should be available. Also take into account that service providers usually offer a web-based and secure service for accessing the information.
5. School your staff
Humans are still one of the greatest risk factors. Therefore, train your employees regularly to raise awareness of the correct handling of sensitive data and information. You can also introduce mandatory training on the subject of data security, which all employees must complete on a regular basis.