When working to keep data and passwords safe within company computers, employers need to be proactive in ensuring that employees are not putting them at risk. There are risky behaviors that employees do on work computers that a company needs to look at limiting.
Have clear policies that all employees are aware of. This includes stating what belongs to the company when an employee leaves a job. Make it clear from the start that all documents and data created by the employee are property of the company even after employment has been terminated.
Make sure staff are aware of data protection policies. From day one of employment you should have employees go through training classes on data breaches. Then doing it regularly with all employees throughout the year will not only confirm how committed you are to protecting data, but will also remind employees of what you expect as well as keep them up-to-date on any new practices you have put into place.
Make sure the training includes software and tools that are used to protect data. Also inform employees of the company policy of using personal devices when completing work.
Use employee contracts. Making new employees sign a contract which includes policies on codes of conduct as well as data ownership helps protect companies. Letting employees know not only what you expect of them, but also what belongs to the company as well as the consequences of not following these rules, will go a long way to keeping your company data safe.
Only allow the appropriate people to have access to specific data. Not everyone is going to need all data, so only granting access to the appropriate team members helps keep the data from getting into the wrong hands. You can keep this organized so you know who has access to what with a spreadsheet that lists each employee's access to specific apps, tools, and information. This will also help you cancel roles when necessary to the appropriate information.
Report suspicious activity. No one wants to be the snitch on the job. But if you encourage it of all employees and give them a way to report suspicious activity anonymously, then people will be more likely to report. Train everyone on how to recognize things like phishing schemes and how to speak up to the appropriate person in these matters.
You might not be able to completely prevent a data breach, but you can put things in place that can help you keep data safe. Most importantly, having your finger on the pulse of everything within your business will go a long way to ensuring that data remains secure. The longer you wait to address a situation, the bigger the problem is going to be.