Deck the halls with data security: Twelve tips for a safe and Merry Christmas
As we gather to celebrate the season of giving and goodwill, data protection managers around the globe may be taking advantage of this opportunity to raise awareness in a joyful and tinsel-strewn manner. After all, ensuring robust data protection measures is akin to wrapping our personal information in a secure, digital gift box, keeping it safe from prying eyes.
Prioritising the security of patient data protects the trust placed in healthcare providers and may prevent everyone’s festive period from being interrupted by data breaches and similar incidents!
So, without further ado, here are our twelve tips for healthcare employees to ensure a very merry data-protected Christmas:
- Use strong passwords
  - Staff should be careful to create complex passwords, mixing letters, numbers, and special characters, or simply combining three unrelated random words.
  - Always avoid using easily guessable information like birthdays or common words and phrases.
- Phishing scams don’t stop for Christmas
  - Never click on suspicious links, external QR codes, or open attachments from unknown sources. If you weren’t expecting it, it may be malicious.
- Secure papers and physical devices
  - Lock computers and mobile devices whenever they are not in use and use screen privacy filters in public places.
  - Tidying away papers keeps them away from prying eyes.
- Limit data access
  - Only access and share data that is necessary for your role.
  - If you control access rights, make sure you follow the principle of least privilege.
- Stay informed and trained
  - Participate in your organisation’s data protection and cybersecurity training to stay updated on the latest data protection practices. Everyone should complete training at least once every two years.
- Regularly update software
  - Keep all software on firm devices, including antivirus programs, up to date to protect against vulnerabilities.
- Dispose of data properly
  - Always shred physical documents containing client or sensitive information.
  - Use secure methods to delete digital files, ensuring they cannot be recovered.
- Be mindful of social engineering
  - Be cautious of unsolicited requests for information, even if they appear to come from a trusted source.
  - Verify the identity of individuals before sharing any data.
- Secure email communications
  - Use email encryption tools to protect sensitive information sent via email.
  - Be cautious of auto-complete features to avoid sending emails to the wrong recipient.
- Report security incidents promptly
  - Report any suspected data breaches or security incidents without delay – there is a 72-hour deadline to report data incidents to the ICO.
- Use secure file sharing methods
  - Many organisations provide encrypted file-sharing services for securely sending sensitive documents.
  - Password protecting documents also reduces the risk of unauthorised disclosure.
- Check in with your data protection team
  - If you are planning to use personal data in a new way, have received a request for data, might have spotted a data incident, want to set up a new process or project, or want to know how to make sure you are complying with the rules, the best people to speak to are the data managers and their team.
If you would like to discuss any of the issues raised here or require support with a data protection matter, please don’t hesitate to contact Claire Williams or a member of our information law, data protection and privacy team.