5 questions about data protection

There is a sudden interest in all things cybersecurity, information security, and data protection in boardrooms around the country nowadays. But many ordinary workers do not think that there is anything they can do to help keep data safe. Here are five questions you can ask inside your organisation to get a better idea of how you can help.

“If cyber is everyone’s problem now then what can I do? I am not a cyber professional!”

This is the question everyone is asking now…

5 Questions you can ask

I gave a talk on #CyberSecurity and #DataProtection at a conference in Melbourne last week. Here are five questions you can ask inside your organisation:

  1. What are our policies to protect customer data?
  2. What are our practices to protect customer data?
  3. What data do we keep and what do we need to retain?
  4. Who is responsible for determining a data breach in our organisation and what is my role?
  5. What can my team do to help?

Why are these important?

Each of these questions is significant because their answers can tell you a lot about your own organisation. These questions will also give you as an individual and team member some ideas of things that you can do to help keep your organisation’s data safe.

1. What are our policies to protect customer data?

This is an important question because if your company is organised enough to have taken the trouble to write down its policies regarding data protection, that is a good sign. This is the necessary first step towards actually protecting data. Take some time to read those policies and find any matching procedures. I know it seems dull. But it is important to know this stuff if you are going to do your bit to protect customer and staff data at work.

2. What are our practices to protect customer data?

This is the question that tells you how real those policy and procedure documents are. Often companies write policies and consider the job done. This is really a cultural question: it is about ‘how we do stuff around here’, which can be very different to what has been enunciated in those carefully crafted policies. If you can find out the answer to this question you will know if your organisation takes data protection seriously or not.

3. What data do we keep and what do we need to retain?

This is the start of an important organisational conversation that we really need to have. So much of the data that was accessed in recent data breaches was old data, and one must ask why it was still hanging around. Every single organisation is a huge data hoarder. It was not much of a problem back in the olden days, as we kept stuffing our databases with more and more data that we did not use. But now, with the growth of cloud, the storage costs are rising, and all that hoarded data is a honeypot for potential hackers.

Every organisation needs to start a conversation about what data they hold, for what purposes it is held, and when it needs to be disposed of. Remember, while you keep hold of all that old data, much of it is stale and out of date anyway. It is much better to digest the data into things like data warehouses for reporting purposes and then to make a separate decision about the source data and its disposal.

4. Who is responsible for determining a data breach in our organisation and what is my role?

This is an important thing for everyone in your organisation to know, especially nowadays with so many ransomware attacks on foot. I recommend that you find out who is responsible for managing a data breach and find out the correct process to alert them if you become aware of an active data breach.

5. What can my team do to help?

This question is one every single team in the organisation should ask. The only way we can stop these data breaches from happening is if every single person in the organisation asks this question. And the answer will very likely be different for different organisations, industries, and teams.