Last updated: August 19, 2024
Personal information (PI) is the lifeblood of many business operations, but it is also a target for security breaches. This guide outlines key steps to fortify your defences and safeguard sensitive data.
Building Strong Passwords:
- The first line of defence is a robust password.
- Enforce complex passwords (8 characters minimum, including upper/lowercase letters, numbers, and symbols).
- Consider passphrases (16 characters minimum) for added security.
- Passwords are for work only - avoid using them for personal accounts.
Downloading and Storing Wisely:
- Only download the minimum amount of PI required.
- Clean data extracts of any unnecessary information - Secure storage is paramount.
- Utilize encrypted network folders, and avoid storing PI on local machines or unencrypted devices.
Sharing with Caution:
- The principle of "least privilege" applies here.
- Share only the essential PI, and leverage secure channels like network folders.
- High-risk information like Social Insurance Numbers or health data should never be emailed.
- If email is unavoidable, encrypt the attachments.
Retention and Disposal:
- Retain PI only for the necessary timeframe dictated by business needs.
- Before transferring, selling, or discarding a device, ensure all PI is securely removed.
By following these practices, you can become a champion for data security within your unit.