Protecting Private Data Best Practices

Cybersecurity is an essential part of every day life. From personal accounts to work data, every person needs to understand the basic ways they can protect themselves from malicious attacks. We wanted to outline some tips for protecting your employees, your organization, and the people you serve from potential security threats. 

Use a secure connection or VPN 

Private networks, like the ones in your office or most people's homes are typically more protected than public wi-fi. When your staff works remotely, they should use your VPN (virtual private network) to access any company data. This reduces the risk of security breaches and can be a critical point of defense for your organization. Make sure your employees know how to connect to the VPN, and why it matters, before they can work remotely.


Multi-Factor Authentication (MFA) and 2-Factor Authentication (2FA) are methods of ensuring cyberattackers are unable to access your information. MFA uses additional security measures, outside of a password, to ensure the person accessing a given account is the account owner. This can be a text code, phone call, or push notification from a mobile device. While it is still important to use strong passwords, your organization should also implement multi-factor authentication for additional security.

Train your team 

Security starts with people. Train your staff to follow basic security best practices like closing and locking devices when not in use, not clicking on malicious links or emails, and using strong passwords to prevent security breaches. Training should be a part of your onboarding process for new employees and a continuous practice for your entire organization. You can consider using specific training tools and platforms to ensure your organization is following best practices and actively following standards.

Manage permission settings 

Not everyone in your organization needs access to every file. Determine which roles and teams need access to various documents, including financial information, HR documents, or client or patient data, and lock down access so that only relevant team members can view or edit these files. This will limit the possibility of accidental deletion, edits, or the sharing of sensitive information.

Stay up to date with compliance practices 

Your organization may be subject to laws and regulations like HIPAA, GDPR, or CCPA. Ensuring that your systems are operating under these regulations (when applicable) is key to protecting your customers, patients, and staff. By failing to meet these standards, you subject yourself to fines, operations issues, and a loss of trust between the people you serve and your organization.


Have a plan in place for a breach 

There is always a risk that the data you store could be subject to a breach. Under some regulations you are required to report data incidents to affected parties, but it is always best practice to document incidents and responses even if the threshold for reporting has not been met. Before an incident occurs, it is important to determine what you consider a breach, create a team to handle your response, and outline your response plan. You should always analyze how the breach occurred and what security measure failed, try to limit any further data loss, and determine how you can prevent similar incidents in the future. 


While this list doesn’t encompass everything your organization should do to stay secure, it is a good starting point. We recommend you start with assessing your current security infrastructure so you can find gaps and create a plan to fix them.


This post was originally published in April 2020 and updated in September 2022.

Leave a Reply