Data Security Best Practices

In 2018, the European Union’s data protection law, GDPR, went into effect. In January 2020, California’s consumer data protection law, the California Consumer Privacy Act (CCPA), went into effect. Both pieces of legislation shine the light on personal information that is being collected by organizations and the consumer’s right to the protection of that data. Organizations affected by these laws face stiff fines and a hit to their brand reputation if they aren’t clear about their use of a consumer’s identifying information.

Consumers are less willing to share their data if they’re unsure of your company’s privacy practices. 

What are the top data security best practices to consider for your organization today?

Internal Security Training

The best place to start with data security is with your employees. According to the I.T. security organization Infosec, your customer data is more at risk with uninformed employees than you’d think. Consider these practices for internal security training and policies:

• Remove all unnecessary information from employee desks and store all papers in locked drawers. 
• If using a BYOD (bring your own device) policy, these devices must be monitored. Employees should be trained and encouraged to use only approved applications.
• Removable media, such as thumb drives, should not be allowed to plug into any devices. 
• Employees must be trained in safe internet, email and social media habits to avoid phishing attacks and malware.
• Employees must be aware of the physical security of computers or mobile devices and password information. 
• Ensure strict administrative access to data, including limits to freelancers and contractors.

Computer Hardware/Software 

Not only are your employees at risk for exposing proprietary or personal data, but access to computer hardware or software could also be damaging. Allow anyone with the knowledge or means to your company’s physical computers or servers and they have access to exploit you or your customer’s data. If you fail to keep your software updated and secure, you run the possibility of information exposure to hackers or cybercrime. 

Here are the best practices to securing your company hardware or software:

• Physically store network and computer systems in server rooms with secure access.
• Require strong passwords and regular password updates.
• Install anti-virus and anti-malware to protect your systems.
• Create secure WiFi access and/or VPNs for internal and remote employees.
• Update hardware and software with patches and updates for the latest in security.
• Maintain a firewall to block unauthorized access to servers, computers or networks.
• Monitor your network for malware and denial-of-service attacks.
• Regularly audit and maintain a list of all devices on the network.

Raising the Bar in Data Security

If your company or customer data is stored in a database or network, or if your database is accessed by “code” that inserts, updates and deletes the data, you are still responsible for the security of that data.

We want to let you know that LaunchPad has recently chosen to undergo an independent SOC 1 Type 2 audit to review our systems to determine how we protect customer data. The SOC audit lasted six months and involved an external auditor testing our internal controls to assert if our processes operate effectively for providing secure services to our customers.

Want to learn more about this level of data security and the questions you should ask any of your data partners? Read more about our approach to data security here.

Review Our Approach to Your Privacy