Data Protection Best Practices
Mar 15


Ensuring data stays protected requires a well-planned strategy, and it begins with your employees. While you can't completely mitigate the risk of human error, there are several ways to ensure that critical information stays protected. The impact of just one data breach incident on one employee can have far-reaching negative consequences for the entire organization, so it's important to take data protection seriously.

Data Protection Best Practices:

  1. Conduct a data protection best practice consultation with your IT provider.
  2. Change passwords every three months, and ensure they are at least eight characters long with a mixture of upper- and lowercase letters, numbers and characters.
  3. Limit access to private information and never share it by email or over the phone, to minimize the risk of phishing.
  4. Limit social media use. If your firm hasn’t blocked social media use, as many financial services firms have, avoid posting both personal information and whereabouts. If you do utilize social media, keep these key pointers in mind:
    • Avoid posting last names or other identifying information.
    • Never download music or files from peer-to-peer networking sites.
    • Limit posting photos and videos to the general public.
    • Don’t post travel itineraries or information regarding your whereabouts.
    • Don’t post information with geo-location and date labeling.
    • If possible, employ dual-factor authentication for your social media accounts.
  5. Install a firewall for network security: You should install a dedicated security gateway to protect your firm’s network from unauthorized external threats.
  6. Implement anti-virus software: Next generation antivirus software works to protect against threats in real time and provides more coverage than regular antivirus solutions.
  7. Install secure email: One of the benefits of installing a secure email solution is an additional layer of security and customer service that general public email providers don't provide.
  8. Practice secure web browsing: Your IT provider should implement a web content filter that identifies malicious content from websites to minimize potential threats.
  9. Utilize mobile device management (MDM) tools: Mobile device management tools work to protect information that is sent from mobile phones by ensuring the device can be wiped remotely, and by enforcing safeguards that protect private data.
  10. Implement data governance policies: Work with your IT provider to implement data governance and auditing services to be able to track and locate sensitive information on your firm’s network, and ensure that it is only being used for its intended purposes.
  11. Make sure your data is being backed up regularly: Ensure that you are backing up your data offsite and using a tapeless method. Offsite tapeless backup provides additional layers of redundancy in the case that any critical information is lost or compromised.

Data Governance: Maintaining Control of Your Firm’s Assets

Data is the most important element of any organization, and as a result, companies of all types and sizes need to understand who uses it, and where and how it's stored. Data governance and auditing cover a group of measures that formally manage data assets throughout an organization. For hedge funds, this data can include investor information, bank account information and investment decisions. To minimize the risk of a data breach, the FCA and SEC have recently placed guidelines on data usage and access control. Firms are now required to develop data governance and auditing policies in order to classify their sensitive data and understand its location on file servers.

Strong data governance and auditing services will report on permission structures so that firms know exactly where their sensitive data is housed. When evaluating a service provider, firms should ensure that the agents deployed to their site will feed information to the back end in their provider's data centers. This process will allow for reporting and alerting based on specific rules, enabling users to access large amounts of data in short amounts of time, while also providing safety and security. Data governance and auditing services are typically offered in subscription formats based on firm user count.

While time-consuming, data protection policies also bring many benefits. By working with the correct technology partner, you can remove the burden of managing the data yourself, while still meeting the appropriate levels of reporting and protection for critical data. Additionally, by ensuring that data is accurate and well organized, these policies can provide your firm with decision-making confidence.