In a world where computers and smart devices are becoming increasingly relied upon, the amount of data stored online is rising. It is now becoming more important than ever to make sure this data, whether personal or commercial, if adequately protected. Dr Hotchen, a senior trainee patent attorney at Wynne-Jones IP, is advising organisations of all sizes to assess their online, smart device and computer security policies ahead of Data Privacy Day this Sunday.
The international awareness day aims to promote data privacy and highlight data protection best practice among businesses, charities, organisations, and individuals across the globe. This also comes as individuals and businesses evaluate their security processes ahead of the General Data Protection Regulation (GDPR), coming into effect from 25 May 2018. To support businesses in effectively securing their confidential information, Dr Hotchen is offering his top tips for maximising data privacy.
When protecting sensitive data from potential hackers, a password is often all that prevents unauthorised access from those who wish to exploit confidential information. As such, it is crucial that businesses storing staff records, client data, confidential reports (which might include specialist “know-how”), and information on business transactions choose strong and secure passwords.
People often leave their data vulnerable by relying on the same password for numerous accounts, both at home and whilst at work. While this can help the user to remember a password, if the password is compromised, a hacker may more easily exploit data from other accounts which use the same or similar passwords. More worryingly, if passwords are duplicated between personal and business accounts, a compromised personal account could lead to unauthorised access of a business account and the numerous files within your organisation. Therefore, users should avoid duplicating passwords across accounts, in particular, between personal and work accounts.
Choosing predictable passwords such as ABCDEF or 12345 are easily cracked by those seeking to access your private documents, and therefore should be avoided.
Finally, the longer and more complex or random the password, the more difficult it will be to crack by brute force. Choose a password which features upper and lower case letters, numbers and at least eight characters to make it more difficult to hack into. A simple trick to choosing a strong but memorable password is to use four random words – such a password could take 100’s of years to crack using brute force alone.
As a company you may store thousands of files on internal websites or archives which need to be protected from potentially harmful outside influences.
A business may even run various websites for external clients which needs extra security against hackers.
One effective way to help prevent hackers access your passwords and gain access to your data, is to utilise a password manager. A password manager can store the passwords for numerous accounts in a database so you don’t have to remember them all.
To prevent unwanted access, password database is encrypted with a master password – the master password is the only one that needs to be remembered and the one that allows access to the stored passwords.
Whilst this is a convenient method so that you do not have to remember lots of different passwords, if the master password is compromised, a hacker will gain access to all of the passwords stored in the database. Therefore, the strength of the password manager is only as strong as the master password, and it is advisable to make sure the master password is sufficiently strong.
Confidentiality is key to any business. Companies, in particular those which invest heavily in developing unique products, branding, and inventions, are reliant on protecting sensitive information and know-how which could contribute to their eventual success. For example, trade secrets are commonly used in the food and drink sector to protect recipes and formulations. In principle, a trade secret can keep a formulation secret indefinitely, however, in the event of a data breach, this information could enter the public domain without any legal protection.
A contrasting approach is to protect commercially valuable IP by virtue of patents, registered designs, and trade marks. In the case of patents, this can provide a monopoly in a market for the patented invention for a maximum period of 20 years. In return for this monopoly, the patent owner is required to fully disclose their invention. However, it is important not to disclose details of your invention publicly before a patent application has been filed, as otherwise this will invalidate your patent.
Such initial investment to develop products, such as the development of a new therapeutic drug, can cost millions of pounds. If this commercially valuable data is not adequately protected, this could allow competitors to copy the product at a fraction of the investment cost.
Mobile phone access
Mobile technology has now made accessing confidential data on the go even easier. Smart devices are the number one hassle-free method for accessing information and personal data, with mobile phones and tablets used daily for banking, reading work and personal emails, and purchasing goods. However, this ease of access, has provided hackers with even more opportunities to obtain personal and private data. As such, individuals and companies who provide staff with phones need to be even more stringent when it comes to data privacy. Raising awareness of data privacy is probably the first course of action. Ensure you are well versed on privacy settings for different accounts and applications, paying specific attention to any software or app updates, to keep your information safe. It is also advisable, where possible, to keep separate work and personal devices.
In a world where computers and smart devices are becoming increasingly relied upon, the amount of data stored online is rising. It is now becoming more important than ever to make sure this data, whether personal or commercial, if adequately protected. Whilst savvy hackers might (eventually) be able to gain access to almost any account, adopting best practices whilst online can help mitigate this risk, and can help keep your valuable data safe.