How do you keep personal data secure?

04 Oct 2019

Data. Data. Data. In today’s modern world, businesses and organisations collect, store, analyse and utilise vast sums of data – especially personal data. With tighter regulation on data storage and increased interest in accessing this data from cyber criminals, how do you know your data is secure and protected? 

What is personal data? 

As a broker, you’ll be processing and storing lots of information. From information on your clients - including names, addresses, contact details, payment information and details of this individual’s risks and policies – to marketing information held on potential prospects and of course, personal information about your employees. 

If you’re not sure what would quantify as personal data, the definition is: ‘If a living individual can be identified through the information you hold, then you are storing personal data - whether they can be directly identified from the information in question, or indirectly identified from combined information’.

It's valuable information 

This bulk data storage makes a tempting target for cyber criminals of all kinds. We’ve recently seen a rise in brokers being targeted by Phishing scams – so it’s extremely important that you take necessary measures to ensure any personal data that your business holds is protected.

How can you stay secure?
  • Employee education – We all make mistakes. But for businesses, these mistakes could result in a data breach that exposes valuable information. Make sure your employees are educated on the steps they can take to limit the likelihood of human error, including always double-checking recipients are correct before sharing data and that the recipient is entitled to be viewing what you’re sharing with them. 
  • Robust data handling policies – Personal data needs to be handled carefully and securely. Make sure the data you hold is stored securely and not held on publicly accessible locations. Encrypt and password protect it and consider only giving access to employees who need it and apply appropriate protection when sharing outside of your organisation.
  • Password security – employees often use weak passwords and duplicate credentials from their personal accounts. This makes them vulnerable to malicious attacks. Provide appropriate training and consider password security-management systems. 
  • Don’t share more than you need to – this may sound obvious, but when sharing data (within the legal parameters) don’t share more than you need to and make sure it’s only going to the relevant people – this includes not sending to potentially outdated ‘grouped’ email addresses. 
For more guidance and information 

You can find more information about the protection and processing of Personal Data on the Government’s National Cyber Security Centre

We also have a series of 'Cyber Risk' modules available on our Aviva Learning and Development Zone to help you brush up on your knowledge. Simply search 'cyber' on the Development Zone site.

For more information about registering for Aviva's Development Zone, email devzone@rwagroup.co.uk.