The key point in preparing your IT systems for the GDPR is to ensure that you have security processes in place to protect your systems, and that you can show you are taking reasonable steps to protect any personal information stored on them.
It is recommended that you have both a software and a hardware firewall on your computer network. If you are using your home broadband you’ll probably have a firewall built into your router. You should also have a firewall included as part of your Anti-Virus software. To get the best protection from your firewalls they need to be correctly configured and kept active.
Access control is an important part of making sure that your IT systems are only accessed by authorised users.
Each user should have their own user name and password, and you should have a policy on issuing and disabling passwords. Users should not share or lend their user accounts to others.
Each user account should have a limited number of login attempts and passwords should be changed regularly.
It is highly recommended that you avoid relying on just a password for access control on your system. If it is possible to do so, you should activate two-factor authentication, which means you use both a password and your smartphone as part of your login process.
If your computer, laptop or other device is stolen or lost, it is possible for other people to access the data on it. Data encryption can keep that data secure.
When you’re transferring data between computers via email or on a USB stick, data encryption can help protect your data from hackers and other unauthorised users.
When you’re out and about with your laptop, tablet or smartphone it is quite easy for them to be lost or stolen. Physical security such as a laptop lock can help minimise the risk of your laptop being stolen.
You should have a paid-for Anti-Virus program installed on your computer system. Such a program will provide your system with real-time protection against the different forms of malware. You should avoid turning your protection off and make sure it is kept up-to-date.
You should know how your Anti-Virus software is monitored and what actions will be taken if you receive an alert.
Your computer uses software including an Operating System, Drivers, and Applications. All software needs to be kept up-to-date to make sure that any security problems that are found are corrected.
Keep software patches up-to-date, using automatic updates if possible. Although it might be tempting, avoid delaying the installation of updates.
Alerts about problems with your computer system or anti-virus protection will be ineffective if they are not monitored.
You should know how your System and Anti-Virus software alerts are monitored and what actions will be taken if you receive an alert.
You might want to consider outsourcing monitoring to gain 24/7 protection of your systems.
Check that your cloud storage provider is compliant with the new regulations. All the major providers such as Dropbox, OneDrive and iCloud are compliant.
Your Wi-Fi security should ensure that your Wi-Fi can only be accessed by authorised users. If you are using your home broadband for business purposes you should set up separate Guest, Home and Work profiles.
Each user on your Wi-Fi system should have their own user name and password, with limited login attempts. Avoid using the default passwords for users or for the router.
If you have several members of staff you should develop a policy on creating, suspending or revoking access to your Wi-Fi network.
Data loss will constitute a breach of the GDPR. To prevent the loss of data you will need to maintain a regular backup of the data on your computer systems. This will also benefit your business by making sure that you can quickly get back up and running in the event of computer hardware failure or, worse, a disaster such as a fire or a flood. At least one of your data backups should be kept off-site. A cloud backup service with a continuous backup option would be a wise choice.
Your email system is highly likely to contain personal information. Personal information could be in the form of an email message or an attachment.
As with other personal information, you need to make sure that this information is kept secure and backed up. You will also need to plan a process for what you will do if someone exercises their right to erasure.
If you are using a network, you will need to make sure that you avoid using unsecured network drives for storing personal information.
You will also need to plan a process for how you will find and remove personal information in files on your network if someone asks for their data to be erased.
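As an added example (not part of the original article or its author's tooling), the script below shows the "find" half of that erasure process: it walks a shared folder and reports which plain-text files mention a data subject's identifiers, leaving removal to a human reviewer. It assumes the share holds text-like files (.txt, .csv, .eml and so on); Office documents, PDFs and mailbox archives would need a text-extraction step first.

```python
"""Locate files that mention a data subject's identifiers, to support an erasure request."""
import re
import tempfile
from pathlib import Path

# File types treated as searchable text (assumption for this example). Office
# documents, PDFs and mailbox archives need text extraction, which is not done here.
TEXT_SUFFIXES = {".txt", ".csv", ".eml", ".md", ".log", ".json"}


def build_patterns(identifiers):
    """Compile one case-insensitive, whole-token pattern per identifier.

    The lookarounds stop "Jane Doe" from matching inside "Janet Doe" or "janedoe".
    """
    return {ident: re.compile(r"(?<!\w)" + re.escape(ident) + r"(?!\w)", re.IGNORECASE)
            for ident in identifiers}


def find_personal_data(root, identifiers):
    """Walk `root` and return {relative_path: sorted identifiers found in that file}.

    Report only: a matching file may also hold other people's data or fall under a
    retention obligation, so deletion is a separate, reviewed step.
    """
    root = Path(root)
    patterns = build_patterns(identifiers)
    hits = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skipped here, but a real run should log it
        found = sorted(i for i, p in patterns.items() if p.search(text))
        if found:
            hits[path.relative_to(root).as_posix()] = found
    return hits


def demo():
    """Constructed sample share: two files mention the subject, two do not."""
    subject = ["jane.doe@example.com", "Jane Doe"]  # constructed identifiers
    with tempfile.TemporaryDirectory() as share:
        share = Path(share)
        (share / "hr").mkdir()
        (share / "hr" / "contacts.csv").write_text(
            "name,email\nJane Doe,jane.doe@example.com\nJohn Smith,john@example.com\n")
        (share / "mail.eml").write_text("From: JANE.DOE@example.com\nSubject: invoice\n")
        (share / "notes.txt").write_text("Meeting with Janet Doe about the janedoe plan.\n")
        (share / "photo.jpg").write_bytes(b"\xff\xd8 Jane Doe")  # binary type: not searched
        return find_personal_data(share, subject)


if __name__ == "__main__":
    for path, idents in demo().items():
        print(f"{path}: {', '.join(idents)}")
```

The report lists each file once with every identifier it matched, so the reviewer can decide per file whether to delete it, redact the subject's rows, or record a retention reason.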
Need some help?
If you would like any advice or support in securing your IT systems, give your local PC superhero a call.