Data security: what you need to know about new international laws
Data protection and complying with relevant laws and regulations should be a priority for every Australian business. In fact, not complying can often cost a business more than twice as much as compliance would have, as well as damaging the organisation’s professional reputation.
Did you know that your business might not only be bound by Australian laws, but by international regulations as well?
The European Union General Data Protection Regulation (EU GDPR) is one example that is about to impact many Australian businesses. This new regulation will be enforced as of 25 May 2018, and even if your business is not based in the EU, it may still be bound by the EU GDPR. Non-compliance can result in significant fines, so if you haven’t already, take the time to ensure that your business is EU GDPR-ready well before 25 May 2018.
These new requirements have been developed to unify international laws, as well as future-proof and strengthen data protection rights for individuals. One of the most significant factors relating to the GDPR is that the new regulations will also apply to non-EU-based organisations. Your business will be impacted if it:
• Offers goods and services to individuals in the EU, and/or
• Monitors the behavior of individuals in the EU.
While in some respects the GDPR is similar to Australian privacy laws, there are also some significant differences that your business must be aware of. For more information about the EU GDPR, visit www.eugdpr.org
Mobile workers = data security threats
These changes to international law are a timely reminder of the need to adequately protect vital business information as well as customer records. However, with the increase in employees working from home or on the road, it is becoming difficult to maintain the highest level of data security.
Many organisations rely on USBs to carry and transfer information. They are small, convenient, fast and able to store large amounts of data, but standard USBs bring with them a raft of security threats.
• The size of a USB makes it far too easy to lose.
• If found, information can easily be stolen and disseminated.
• The mobility of a USB means it is knocked around in pockets and bags, and can be too easily damaged or broken.
• Using a USB on any computer means that there may be a trace of the data left on the computer.
For convenience and peace of mind, an encrypted USB drive is a must. Once the domain of government agencies, the military, health care and high finance, encrypted USBs are now a business staple for anyone who needs to access secure information on the go.
Advanced Encryption Standard (AES) is an international standard for the encrypting and decrypting of data. The AES encryption process is built into encrypted USB drives, and works automatically any time the drive is used.
When an encrypted USB is first used, the authorised user is asked to create a PIN or password. From that moment, the USB and its contents can only be accessed by first entering the PIN. The data is encrypted (changed so that it is not decipherable) and remains this way until the PIN is entered. The data is then decrypted (making it intelligible again) and is instantly available to the user. At this point, the drive works like any other USB. After the USB is removed, there is no trace of the data or the password details left on the computer.
However, if someone who is not authorised to use the USB tries to gain access without the password, they are out of luck. As an extra layer of security, many encrypted USB drives have a feature that disables the device and/or deletes its contents after a certain number of failed log-in attempts.
For this reason alone, the use of encrypted USBs should be made part of any organisation’s data security program.
Encrypted USB’s also tend to offer greater physical security than standard USBs. Made of strong, hardy materials, they are tamper proof and resistant to brute force attacks…or even the everyday wear and tear that results from being attached to key rings or bounced around in bags.
Whatever the level of security you need, and whatever the storage size you require, COS has a range of encrypted USB devices to help ensure the safety of your data, in the office or on the go. These include the Kingston DataTraveler and IronKey ranges that feature AES hardware based encryption, USB 3.0 high speed transfer, rugged casing and a five-year warranty.
Why not supply an encrypted USB to each new staff member and, as part of their induction process, include detailed instructions about your organisation’s data protection system and how the encrypted USB is to be used as an integral part of that.