1. Choose a secure server host to store your data

Cloud servers offer a secure means for your data to be stored, as they automatically encrypt your data when it is uploaded to the cloud as well as regularly back up your data. It’s also useful to know that cloud server operators must comply with a whole host of regulatory mandates, frameworks and laws of the countries in which they operate, meaning that they are highly secure. ToucanTech uses dedicated cloud servers hosted by Amazon Web Services (AWS) to store all of our data, which has the most extensive, reliable and secure global cloud infrastructure, as well as backing up data to a separate Google Cloud Platform (GCP) server in a separate location for disaster recovery purposes. 

2. Constantly check for viruses and malware

The best way to prevent your website from being attacked, and to protect your data, is to install antivirus software and malware protection. Don’t wait too long between each scan for database security threats - try to run your malware protection every day to identify and detect potential vulnerabilities. Firewalls are also a great way to restrict internet traffic and protect from website attacks. ToucanTech uses both virtual network firewalls and web application firewalls to automatically protect against various website attacks, alongside running automatic antivirus scans on a regular basis.

 3. Beware the dangers of using unsecured wifi to access data

Now that remote working is more common, it’s important to keep in mind the danger of accessing data from unsecured wifi. This could include connecting to public wifi or even using home wifi, which is not regularly updated. To avoid this, you should educate on and remind team members of the dangers of connecting to unsecured wifi and implement internal security policies to ensure staff are conscious of this when working with data. If you travel a lot and access particularly sensitive data, you may consider using a virtual private network (VPN) to add a layer of security when using unsecure wifi.

4. Pick a passphrase

Encourage your new users to sign up to your online community using a strong password, in particular, a passphrase. Passphrases are made up of four or more random words, making them more difficult to crack. In theory, they should be easier to remember too - think Chicken2nightinParis! Bonus points if you encourage your users to add a second point of identification called multi-factor authentication, as this will add an extra layer of security to the account, and is another feature supported by ToucanTech. Keep in mind that passwords of less than 8 letters could be cracked in less than an hour, so the best passwords are those that are long, unique and regularly updated.

5. Limit who can access your data

Have you taken a look at who has access to your organisation’s data? Rather than giving everyone in the team access to your system, think about their specific role and what data, information or applications must be made available for them to do the job. Consider reviewing your admin accounts and assign different levels of access accordingly. Make sure you add in a default admin logout time for inactivity - here at ToucanTech, main admins are able to choose a default admin logout time of 30 minutes, 2 hours or 12 hours of no activity. To make sure no unauthorised personnel are able to access your data, have an admin manually approve each new member to your online site before they are able to use your site. 

6. Use a secure encryption to import, export and transfer data

Never send personal data via an unencrypted email. Email is not a secure method of data transfer, and does not guarantee an encrypted transfer end to end, making the information more vulnerable to a hack along the way. Instead, upload all data directly to your online portal using a secure file-sharing device, encrypted USB or a partner integration service. At ToucanTech, all customers are able to securely upload data directly into or from their ToucanTech admin portal, and only the highest-level customer admins should be allowed to export fixed CSV lists of records from various sections of the admin portal, with a full audit log of exports captured.

7. Ask your suppliers about their policies for handling your data 

Is your supplier a data controller or processor? If the answer is yes, find out whether they are registered. Ask about the regulatory code they abide by and if they have policies in place for their employees. At ToucanTech, we are acutely aware of the responsibility that comes with handling your data, and are registered with the UK’s Information Commissioner's Office (ICO) to handle all of our customer databases, as well as adhering to the privacy policies of multiple global jurisdictions, including the EU's GDPR and Australian, UK and US data privacy laws. Make sure you are familiar with your data processor’s data breach process and what cyber and data insurance cover they have.

8. Be transparent about your data protection policy

Every organisation with a digital presence is required to mention its data protection and privacy policy. With emerging security threats on the rise as well as new privacy regulations, make sure you inform users about data collection and use practices. Make sure your data protection policy provides users with a comprehensive explanation on how their data is stored, managed and processed. 

9. Manage your users’ consent appropriately

Consent management is the practice of giving customers control over the data you collect and how you use it. It’s therefore important to make sure your users are able to edit and update their own consent options. ToucanTech has a full consent management system inbuilt to help customers comply with the EU’s GDPR and other international privacy laws. This allows you to track and manage users who have opted-in, out or remain unspecified accordingly.

10. Safeguard your younger members

The best way to safeguard your younger members and users is to have locked down content visible only to logged-in members of your community - that way, only verified users will have access to all the content displayed on the site. Community admins should also monitor internal messages and posts, blocking or muting anyone they are worried about on the online community - users can support admins with this by reporting ‘spam’ messages from others. Parents can also help younger users with adjusting their online privacy settings so that their profiles are only visible to connections on the online portal.

ToucanTech publishes regular up-to-date guides about consent management, data and privacy law and other related topics. To learn more about how you can manage your organisation’s data safely and securely, get in touch with the ToucanTech team.