October 3: Data Security, the Core of Protection
On day 3 of Cyber Security Awareness Month we are looking at data security. Data Security refers to the measures taken to protect date from unauthorised access, corruption or theft throughout its lifecycle.
Data Security is about protecting data from unauthorised access, disclosure, alteration or destruction.; it is a combination of physical, technical and administrative safeguards:
-
Physical Security: Protecting devices and infrastructure where data resides. This includes locked server rooms, secure data centres, and even ensuring your laptop is physically secured when you're away from it. When doing a data walk in your organisation, something we call 'Making the Rounds', we will review physical security of data.
-
Technical Security: Implementing technological measures to protect data. This involves:
-
Encryption: Scrambling data so it's unreadable without the correct key, both when it's stored (data at rest) and when it's being transmitted (data in transit).
-
Access Controls: Limiting who can access specific data based on their identity and role (e.g., only HR can view employee salaries). We will review access controls for physical data files and digital files. Reviewing access control for systems and digital data can help prevent cyber attacks and subsequent data breaches.
-
Firewalls: Devices or software that monitor and control incoming and outgoing network traffic.
-
Antivirus/Anti-malware Software: Protecting against malicious software that could corrupt or steal data.
-
Regular Updates: Patching vulnerabilities in software that attackers could exploit.
-
-
Administrative Security: Establishing policies, procedures, and training that govern how data is handled. This includes data retention policies, incident response plans, and employee security awareness training.
For individuals, data security means backing up important files to a secure external drive or cloud service, encrypting sensitive documents, and being cautious about where and how you store your digital information. For organizations, comprehensive data security is non-negotiable for regulatory compliance (like data protection), maintaining customer trust, protecting intellectual property, and ensuring business continuity. Treat your data as if it were your most valuable asset – because, in many cases, it is.
💡Today's Cyber Tip: Back up your most important files!
Today, take action to back up your most important personal files (photos, documents, etc.) to at least one external source, like a cloud service or an external hard drive. Better yet, use the "3-2-1 backup rule" (3 copies, 2 different media types, 1 offsite).
We have a number of video that explain data security:
Network Security
Physical Security Measures
Data Encryption
Software Updates and Patch Management
Access Controls and User Permissions
DPE Knowledge Bank Guidance and Support:
For schools and colleges, six of the DfE Digital Standards are now mandatory. We have a DfE Digital Standards Tracker tool help you track your cyber resilience and your progress:
Review our Cyber Security Best Practice Area for micro learning, support, guidance and policies:
Why not have a look at our 'specialist' trainer Harry the Hacker :
