Security is a major concern in 2021, especially for organizations that handle high-value and sensitive information. Whether you are choosing the best plugins for your WordPress site, or you handle sensitive client information that must be kept safe from keyloggers on phones or other computer systems, ensuring that you and your employees take the right security precautions is a must.
This guide dives into five security measures that you can adopt to ensure that your organization’s data remains safe at all times.
Adopt A Rigorous Password Policy
Access to a computer workstation or a file through a user name and password is the first line of protection. The password must be individual, difficult to guess, and kept secret. It must not be written down on any medium. The IT department or the IT manager must implement a rigorous password management policy: a password must contain at least eight characters, including numbers, letters, and special characters, and must be renewed frequently (for example, every three months). The system should force the user to choose a password different from the three previously used.
Usually assigned by the system administrator, the password must be changed by the user the first time he or she logs in. Finally, system and network administrators should be careful to change the passwords they use themselves.
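As an added example that is not part of the original article, the rules above (eight characters with letters, digits and special characters, no reuse of the last three passwords, a forced change at first login and after three months) can be enforced by a small policy checker like this one. The Account class, the function names and the 90-day limit are assumptions made for the illustration.

```python
import hashlib
import string
from dataclasses import dataclass, field
from datetime import date

MIN_LENGTH = 8          # at least eight characters
MAX_AGE_DAYS = 90       # "renewed frequently (for example, every three months)"
HISTORY_DEPTH = 3       # must differ from the three previously used passwords

def password_digest(pw: str) -> str:
    # Demo only: a real system stores a slow, salted password hash
    # (bcrypt, scrypt or Argon2), never a bare SHA-256.
    return hashlib.sha256(pw.encode()).hexdigest()

@dataclass
class Account:
    """Hypothetical per-user state kept by the policy checker (constructed)."""
    history: list[str] = field(default_factory=list)   # digests, newest first
    set_on: date = field(default_factory=date.today)
    first_login_pending: bool = True   # admin-assigned password not yet changed

def composition_errors(pw: str) -> list[str]:
    """Return every way pw violates the composition rule (empty list = OK)."""
    checks = [
        (len(pw) >= MIN_LENGTH, f"shorter than {MIN_LENGTH} characters"),
        (any(c.isdigit() for c in pw), "no digit"),
        (any(c.isalpha() for c in pw), "no letter"),
        (any(c in string.punctuation for c in pw), "no special character"),
    ]
    return [msg for ok, msg in checks if not ok]

def change_errors(new_pw: str, acct: Account) -> list[str]:
    """Composition rule plus the no-reuse rule against the recent history."""
    errors = composition_errors(new_pw)
    if password_digest(new_pw) in acct.history[:HISTORY_DEPTH]:
        errors.append(f"reuses one of the last {HISTORY_DEPTH} passwords")
    return errors

def apply_change(new_pw: str, acct: Account, today: date) -> None:
    """Record an accepted change; raise ValueError if the policy rejects it."""
    errors = change_errors(new_pw, acct)
    if errors:
        raise ValueError("; ".join(errors))
    acct.history.insert(0, password_digest(new_pw))
    acct.set_on = today
    acct.first_login_pending = False

def must_change_now(acct: Account, today: date) -> bool:
    """Force a change at first login or once the password exceeds MAX_AGE_DAYS."""
    return acct.first_login_pending or (today - acct.set_on).days > MAX_AGE_DAYS
```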
Design A Procedure For Creating And Deleting User Accounts
Access to workstations and applications must use named user accounts rather than “generic” ones (accounting1, accounting2…), so that the actions performed on a file can be traced and each participant held accountable. “Generic” accounts do not allow a person to be precisely identified. This rule must also apply to the accounts of system and network administrators and of any other agents responsible for operating the information system.
Securing Workstations
Agent workstations should be set to automatically lock after a period of inactivity (10 minutes maximum); users should also be encouraged to systematically lock their workstations when they leave their desks. These provisions are likely to limit the risks of fraudulent use of an application in the event of the agent’s temporary absence from the workstation concerned. In addition, it is strongly recommended to control the use of USB ports on “sensitive” workstations, prohibiting, for example, the copying of all the data contained in a file.
Identify Precisely Who Can Access The Files
Access to personal data processed in a file must be limited to those persons who legitimately need it to perform the tasks entrusted to them. The “clearance profile” of the employee concerned follows from this analysis of their tasks. Whenever an employee moves or is newly assigned to a position, the line manager concerned must identify the file or files to which the employee needs access and update his or her access rights accordingly. It is therefore necessary to periodically review application profiles and access rights to directories on the servers, to ensure that the rights granted match the duties each person actually performs.
Ensure Data Confidentiality With Respect To Service Providers
Work performed by the various subcontractors on a data controller’s information system must present sufficient guarantees of security and confidentiality with regard to the data to which they may, where necessary, have access. The law thus requires that a confidentiality clause be included in subcontracting contracts. Any work done by a service provider on databases must be carried out in the presence of an IT department employee and recorded in a register. Data that may be considered “sensitive” under the law, such as health data or data relating to means of payment, must also be encrypted.
Note: the system and network administrator does not necessarily need access to all of the organization’s data, only to the platforms or databases they administer and maintain. By encrypting the data with a key that is not known to the administrator, and that is held by someone who does not have access to the data (the security manager, for example), the administrator can carry out his or her tasks while confidentiality is respected.
In Conclusion
As you can see, keeping your organization’s data secure is of primary importance in 2021, especially given the scale at which spying and hacking tools are becoming more advanced and widespread. As a result, you must know how to detect and remove a keylogger from your employees’ phones or any other devices.
Most importantly, education and training are key to ensuring that your employees don’t make the common security mistakes that can land your company in big trouble.