International Data Protection Day is a European initiative that takes place on January 28 of each year, worldwide, to remind all organizations and individuals of the importance of protecting their personal information.
For this occasion, we want to share our recommendations to help you improve the protection of your customers' personal data. In 2019, more than 2.9 million people in Quebec had their personal data stolen.
Many people are wondering how to protect themselves in a world where more and more digital data is being shared. A bill is being drafted in Quebec to severely punish companies that neglect to protect their customers’ personal data.
What does data protection mean?
Personal data is data that makes it possible to identify a natural person. When you ask one of your clients to fill out a form, you are recording personal information.
In addition to this, when you browse the Internet, you share data with the websites you visit.
Websites automatically record the IP addresses of their visitors.
This information is considered personal information by the Government of Canada because it identifies you, although it is specific to a connection or computer.
As an individual, browsing in a secure way has become complex and it is necessary to take some precautions, as mentioned in this article: 5 tips to better protect your personal data online.
Your duty as a company
As a company, you collect information about your customers for your services, whether it’s financial data, mailing addresses or emails.
It is fundamental to have an internal procedure for managing the personal information that your clients transmit to you. You must tell your customers why you need some of their personal information and why you need to keep it on file, as set out in the Privacy Act.
Do you have an internal security policy?
A well-informed team
There are still very few companies that have internal IT security procedures for their team members. Thus, it is not uncommon to see empty offices with computer screens left unlocked and accessible to any passer-by. Or even worse, Post-it notes stuck on keyboards or screens showing the code used to access accounts or the entire computer!
Does your team know how to handle confidential information? What behaviours should be adopted?
You need to start by establishing internal rules that should be read and known to your entire team.
Professionals in charge
When it comes to your IT security, you need to surround yourself with competent and experienced people. Some of you might think that outsourcing the work is less safe, but the mistake that could cost you a lot of time and money is trying to do all the work yourself in-house without getting advice from an expert team.
You have extensions to add to your website: who takes care of them?
Do you check that these are up to date on the WordPress plugin list?
There have been more than 4,000 attacks on WordPress sites via a fake SEO plugin.
You didn’t know it, but it’s too late. The hacker has entered…
Taking on this kind of mission is a bit like trying to do the mechanical maintenance of your car armed only with a manual.
You may be lucky for a while, but then comes the day when the car breaks down because you forgot a small detail.
And at that point, where will you go? To a specialist, an expert, who will tell you that your car has been damaged and that he will see what he can do, without being able to guarantee that the problem can be fixed.
For the car, you should be able to repair it or, in the worst case, buy a new one. A computer security problem, however, can disrupt your daily life a lot more and possibly jeopardize your entire business.
Updates … Up to date!
Updates are essential to your IT security. According to a recent study, it seems that 87% of users ignore computer alerts, including updates.
We’ve all done it, haven’t we? We postpone them, we don’t have time and then we forget. Updates often fix security errors or flaws; they don’t just bring new features or graphical revisions.
Your website requires updates too, and we explain why they are so important and why they need to be done in our article Do WordPress Updates Matter?
But beware… unlike an update from Microsoft or Apple, it is not enough to click the button! There are some checks to be made in order to avoid breaking your website or making it partially dysfunctional. To know a bit more about this, you can read our article Are you doing your updates correctly?
Why would “making updates” be part of your obligations to your customers? Because if your website is not up to date, it is highly prone to being hacked, and the data you have collected on visitors and customers through your website could well be exposed. Being up to date means acting to protect the information exchanged via your website.
It is estimated that an outdated version of WordPress is responsible for more than 60% of hacked websites. Hackers look for (and find) flaws. The size of your business or the type of website you operate doesn’t matter. Of course, it’s the big companies that are in the news when disasters are reported, but beware: the rate of ransomware demands is increasing rapidly and this is becoming a risk for companies of all sizes.
A password procedure
Are your passwords complex? Do you change them regularly? How are they managed? We strongly recommend using a password manager.
You can create different groups and access levels, and each member of your team can have access to company passwords based on their responsibilities and role. It is a way to avoid forgotten passwords and passwords shared by email or on a piece of paper!
A computer alert system
You probably have antivirus software on your computers to protect you from outside attacks. Do you have an equivalent for your website?
A security scan is essential to be informed of an intrusion and to be able to act quickly. It validates that the files present at your web host are not infected. Think about the information on your website. Do you want to take the risk of losing it, or worse, having it stolen from you?
It has now become common to see mentions of customer data theft in newspaper headlines. Assuring your customers that you care about their personal data could well become a competitive advantage in the coming months.
Store your backups in a safe place
Having backups is good, but they have to be done properly.
If you save them in the same place as the website, you might not have anything left in case of an attack. Copies must be sent to multiple locations and kept on a remote server.
To find out how to make effective backups, we invite you to read our article All about backups: are you at risk?
A strategy to protect your website’s visitors
- Be aware that ALL companies are the target of hackers
Hackers’ motivations can vary from information theft to resource theft: there is no such thing as zero risk, regardless of your size and industry. However, it is possible to limit the risks, as we explain in our article Avoid being hacked, is it possible?
- Have a website using HTTPS that guarantees a secure connection
Thus, the people who visit your site will be assured that the data shared through your site, whether it is a registration form or bank data, will be encrypted. We suggest you continue on this topic by reading HTTPS: 3 good reasons to convert your site.
Computer security is not to be taken lightly. To avoid any disaster, it is highly recommended to have an internal strategy established by professionals. The first step will be to set up safe rules and behaviors for your entire team to protect yourself from a possible attack, and therefore protect your customers, suppliers and other business relationships.
You will have understood that data theft is becoming more and more widespread and there is no doubt that this will only increase in the months and years to come. Guaranteeing your customers the protection of their personal data will become a major asset against your competitors. Prevention remains the best precaution.
SatelliteWP ensures the IT security of hundreds of WordPress sites, from the multinational to the self-employed, and we are proud to have internal procedures to ensure the protection of personal data exchanged with all our customers.