In today’s highly connected world, security and privacy are paramount, and security-conscious organizations depend on solutions to keep their data safe and their information private.

Without doubt, the need for protection is growing. Passwords and access restrictions are unfortunately often not safe, although the law requires the highest level of security when it comes to data protection, not to mention the compliance requirements that apply in all areas where computers are used. In fact, the safety requirements for data storage and forwarding are becoming more stringent and more demanding to fulfil.


However, in order to protect businesses and consumers, and to know in an emergency that the law is on your side, you should observe and implement at least a few basic rules, especially as a small business.

Self-manage passwords
Users still use weak and unsafe passwords. In addition, many have multiple passwords and, in order not to forget them, write them down; in the worst case they even keep the piece of paper with the passwords in their desk drawer. It is better to unify identities and let users self-administer their passwords, because then they do not have to write them down in the first place.

Authentication in several steps and encrypted
Gaining access to data often takes more than just a password. Multi-factor authentication is therefore recommended, and passwords should only be transmitted encrypted.

Beware of orphaned user accounts

Beware of giving one person all permissions
Administrators usually have all kinds of permissions, and if more than one administrator has these rights, they often share a single user account. In such a case, however, two-factor authentication is safer. Besides, limited permissions are usually sufficient for day-to-day administrative work.

Safe handling of personal data by segregation of duties
In a hospital, for instance, the accounts department is not allowed to access the sensitive medical data of patients, and the medical and nursing personnel, on the other hand, should not have insight into patients' bills. Just as the tasks are clearly separated in this case, the corresponding data has to be separated and protected against prying eyes by technical means.

By Daniela La Marca