6 Best Practices for Maintaining Data Security in Your Firm

by Brad Garland

Defending your data from threats is a number one concern. Technology is fluid, but planning properly will help your company get the best protection for the present and for future growth. These six best practices will help you maintain data security in your business.

1. Plan-Do-Check-Act

Plan-do-check-act (PDCA) is the foundation of best practices in data security. ISO 27001, the set of controls first published in 2005, is built on PDCA, and network assessment and security has traditionally followed it as the go-to system for managing data safety. You can begin to incorporate PDCA into your firm’s IT policies by following this four-stage process:

  • Plan: Identify and establish procedures to minimize risks to data.
  • Do: Integrate and implement the established procedures.
  • Check: Monitor the controls set in place for compliance with the procedures.
  • Act: Utilize preventive and corrective procedures to continually improve the system.


2. Hiring

Hiring employees and contracted workers can be tricky. You want the best people as a part of your organization, but the majority of security breaches occur through employees rather than through an online attack. Because employees are your greatest ally and your greatest risk, minimize risks to data by putting policies in place to properly guide potential employees and contractors.

Tip: Ensure that you establish regular training and education for your employees so they can better understand why the procedures are there and the risks you are working to mitigate.


3. Access Control

As mobility increases, the risk of a data breach increases. More than just usernames and passwords, your company needs a well-organized plan for determining who has access to which information. Whether your firm uses the cloud, a Virtual Private Network (VPN) or a combination of the two, identifying the accessible and restricted data and who can access it is key to securing all data on the go.
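An added example, not from the original article, of how such a plan can be codified once the accessible and restricted data has been identified: a deny-by-default check that maps roles to the highest data classification they may read, enforces need-to-know for confidential data, withholds restricted data from off-site (VPN or mobile) sessions, and records every decision so it can be reviewed later. The roles, classifications, groups, clearance table and sample records are all constructed for this example.

```python
"""Deny-by-default access check tied to data classification.

Added illustration only; the roles, groups and assets below are
constructed and are not taken from any real firm's policy.
"""
from dataclasses import dataclass
from enum import IntEnum


class Classification(IntEnum):
    """Ordered so that a higher value means more sensitive data."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3


# Hypothetical table: each role and the most sensitive class it may read.
# Anything not listed here is denied (deny by default).
ROLE_CLEARANCE = {
    "staff": Classification.INTERNAL,
    "finance": Classification.CONFIDENTIAL,
    "security_admin": Classification.RESTRICTED,
}


@dataclass
class DataAsset:
    name: str
    classification: Classification
    owner_group: str  # need-to-know: only this group sees CONFIDENTIAL or above


@dataclass
class Decision:
    allowed: bool
    reason: str


# Every decision, allowed or denied, is appended here for later review.
AUDIT_LOG = []


def check_access(user_role, user_groups, asset, remote=False):
    """Return a Decision for one access attempt.

    Rules, evaluated in order and denying on the first failure:
      1. the role must exist in the clearance table;
      2. the asset's class must not exceed the role's clearance;
      3. CONFIDENTIAL and above also require membership of the owning group;
      4. RESTRICTED data is never served to an off-site (remote) session.
    """
    clearance = ROLE_CLEARANCE.get(user_role)
    if clearance is None:
        decision = Decision(False, "unknown role")
    elif asset.classification > clearance:
        decision = Decision(
            False, f"clearance {clearance.name} below {asset.classification.name}")
    elif (asset.classification >= Classification.CONFIDENTIAL
          and asset.owner_group not in user_groups):
        decision = Decision(False, "not in owning group (need to know)")
    elif remote and asset.classification == Classification.RESTRICTED:
        decision = Decision(False, "restricted data not available off-site")
    else:
        decision = Decision(True, "allowed")
    AUDIT_LOG.append((user_role, asset.name, remote, decision.allowed, decision.reason))
    return decision


if __name__ == "__main__":
    # Constructed sample assets and access attempts.
    payroll = DataAsset("payroll_2024.xlsx", Classification.CONFIDENTIAL, "finance")
    keys = DataAsset("backup_encryption_keys", Classification.RESTRICTED, "secops")
    attempts = [
        ("staff", ["hr"], payroll, False),
        ("finance", ["finance"], payroll, True),
        ("finance", ["hr"], payroll, False),
        ("security_admin", ["secops"], keys, True),
        ("security_admin", ["secops"], keys, False),
    ]
    for role, groups, asset, remote in attempts:
        d = check_access(role, groups, asset, remote=remote)
        verdict = "ALLOW" if d.allowed else "DENY"
        print(f"{role:15} {asset.name:25} remote={remote!s:5} -> {verdict}: {d.reason}")
```

The ordering matters: clearance is checked before group membership so that an over-broad group grant can never lift a role above its ceiling, and the off-site rule sits last so that the audit record shows the most specific reason for a denial.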


4. Auditing

Established and regular auditing practices should give team members a process to follow when inconsistencies arise, when a breach occurs, and when problems are identified. Internal staff can be used based on the size and structure of your environment, but a degree of independence should be established. If that cannot be guaranteed, the skill set is not available, or a regulatory requirement dictates, hiring a trusted third party as an information security consultant or firm can also help ensure appropriate practices are established.


5. Scalability

When considering new software or equipment, scalability helps account for expansion of security protocols. Each new program, computer and piece of digital equipment should be able to accommodate the fluidity of the technological environment.

Tip: Ensure that your network is tested through a vulnerability assessment or penetration test after these changes occur. 


6. Physical Security

Sometimes it’s not the passwords that get hacked, but the lock on the door. In this increasingly digital and cloud-based world, don't forget to protect or limit access to sensitive paper documents, workstations, screens, and other sources of critical information in high traffic public areas. Restricting access to areas with servers and sensitive data in addition to protection from the elements and emergencies such as fires and floods needs to be a part of any business continuity plan.

For more information on ways to secure your firm’s data, contact Vala Secure at any time.