Data protection is not just the responsibility of the IT department or the DPO. Every employee plays a crucial role in the company's information security. A simple mistake can cause a security breach with serious consequences.
1. Use strong passwords
Passwords are the first line of defense. Follow these recommendations:
- Minimum 12 characters
- Combine uppercase, lowercase, numbers, and symbols
- Don't reuse passwords between different services
- Use a password manager to store them securely
- Enable two-factor authentication whenever possible
2. Always lock your computer when you step away
Even if you're just going for a coffee, lock your computer:
- Windows: Win + L
- Mac: Control + Command + Q
Remember: An unlocked computer is an invitation for unauthorized access.
3. Watch out for suspicious emails
Phishing is one of the most common threats. Before clicking:
- Verify the actual sender (not just the displayed name)
- Be wary of unexpected urgencies
- Don't download attachments from unknown sources
- When in doubt, contact the alleged sender directly
4. Don't use unknown USB devices
USBs can contain malware that runs automatically. Basic rules:
- Never plug in a USB you've found
- Only use devices provided by the company
- Scan any external USB before opening it
5. Keep your devices updated
Updates fix security vulnerabilities:
- Update the operating system when requested
- Keep browsers and applications updated
- Don't postpone security updates
6. Classify information correctly
Not all information has the same level of sensitivity:
| Type | Examples | Treatment |
|---|---|---|
| Public | Corporate website, brochures | Can be shared freely |
| Internal | Procedures, org charts | Employees only |
| Confidential | Customer data, contracts | Restricted access |
| Highly confidential | Health data, financial | Maximum protection |
7. Be careful in public spaces
When working outside the office:
- Don't discuss confidential information in public
- Use privacy screens
- Don't connect to public WiFis without VPN
- Don't leave documents visible on your screen
8. Delete data correctly
Deleting a file is not enough:
- Use the company's secure deletion tools
- Shred confidential physical documents
- Properly format devices before disposal
9. Report any incident immediately
If you suspect a security breach:
- Don't try to fix it yourself
- Contact IT or the security officer immediately
- Document what happened
- Don't delete evidence
GDPR requires security breaches to be reported within 72 hours. Every minute counts.
10. Separate personal from professional
- Don't use corporate email for personal matters
- Don't store company data in personal accounts (Dropbox, personal Google Drive)
- Don't install unauthorized software on work equipment
Quick checklist
Before ending your workday, verify:
- Have I locked my computer?
- Have I properly stored sensitive documents?
- Have I logged out of all applications?
- Have I locked away confidential physical documents?
- Have I securely emptied my recycle bin?
Conclusion
Data protection is everyone's responsibility. By following these simple practices, you contribute to the company's security and avoid fines that can reach 20 million euros.
Need data protection training for your team? At Asesores&Datos we offer training programs tailored to each company's needs.