12 tips for effective data security in the digital age

In the digital age, where data is as valuable as gold, data security has become one of the most crucial issues for both businesses and individuals. As an IT company, we recognize our role in protecting client data, but data security is a shared responsibility. In this article, we will review the key principles and share practical tips to help you become an active co-creator of your digital security shield.

1. Do not share passwords

Your password is the key to your private space. It should not be shared with colleagues, family members, or customer support staff. Even if you trust someone, sharing passwords in any form increases risk. If a system is used by multiple users, each should register their own username and password, as actions in the system are logged by username—who created a document, made edits, deleted a document, etc. In case of a dishonest employee, data can be deleted or intentionally damaged, and without unique identification, it will be impossible to determine who performed these actions.

Tip: Use password managers (e.g., 1Password) to avoid using weak or repeated passwords.

Each user should register their own account and keep their administrative rights to themselves so that you can fully control account activities.

2. Two-Factor Authentication (2FA)

2FA is one of the most effective tools to protect your account even if the password is leaked. It means that access is granted only when, in addition to the password, a unique code from a device or app is entered.

We highly recommend enabling 2FA wherever possible. It is also available in our solution. For more information on how to enable 2FA, read here.

3. Logging out of sessions

Logging out of systems after completing your work is important—especially if you are using a shared or public computer. Even if you are using your own device and leave a session open, it creates an opportunity for attackers.

Tip: Enable automatic session termination after X minutes of inactivity, if available.

4. Managing and deleting cookies

Cookies store your browsing information to improve user experience. However, they can also accumulate sensitive data and pose security risks.

Recommendation: Regularly delete browser cookies and cache, especially after using systems on unfamiliar devices. This should be done regularly—at least once a month, or more often if using shared devices.

Information on how to clear cookies can be found here.

5. Archive Storage and Access Control

Archives often contain sensitive information, such as client histories or financial data.

These files must be:

• encrypted;
• stored only in trusted locations;
• with restricted access.

Tip: Never store passwords or sensitive data in an unencrypted Excel file on your desktop.

Recommendation: Use secure and professional platforms, such as:

• Microsoft OneDrive for Business or Google Drive with a corporate account, where an auditable access mode is available;
• SharePoint – especially for teams with multiple users and a need for access control;
• Proton Drive or Tresorit – if full encryption (end-to-end encryption) is required;
• Local file encryption with BitLocker (Windows) or FileVault (Mac), if stored outside the cloud.

If archives are stored locally (e.g., on a server or external drive), they must be encrypted, and regular backups should be made and stored in a separate, secure location.

6. Using the Same Username and Password Across Multiple Portals

If one site is hacked and the password is leaked, fraudsters can access all accounts where the same combination is used.

Tip: Use a unique password for each system. Password managers make this easy to implement.

7. Why Is It Important to Use Antivirus Software?

Even the most cautious user can make mistakes – for example, receiving an email from a fraudster posing as a colleague or partner. Antivirus software acts as an automatic defense layer that protects you at the moment an attack occurs.

What does antivirus software do?

• Monitors all activities to immediately detect suspicious behavior;
• Scans files before opening them: eliminates risks before you even click on anything;
• Protects against unknown threats using artificial intelligence and machine learning;
• Warns about suspicious links and downloads – especially when browsing the internet.

Tip: Ensure your antivirus software is active and up-to-date – only then can it protect against the latest threats. If you don't use additional software, at least make sure Windows Defender (built into Windows computers) is enabled.

8. Opening Unknown Links in Emails (Phishing)

Users often fall for seemingly credible emails from "banka.lv" or "Your System Support Team" containing malicious links.

Tip: Always check the sender's address, be cautious if you are urged to act immediately ("act now!"), and never enter passwords after clicking on a link.

9. Downloading Files Without Verification

Clients often upload files (e.g., documents, statements, etc.) that contain viruses or macro scripts.

Tip: Before uploading files, ensure they have been scanned with antivirus software. Do not download files from unknown sources.

How to ensure that antivirus software actually scans the file?

1. Real-time protection is enabled

Ensure your antivirus software is running in real-time protection mode.

2. Manually scan the file

If unsure, you can perform a manual scan: right-click on the file > select "Scan with [antivirus name]".

3. Use online scanning

If no antivirus software is installed on your computer, use VirusTotal, a free online tool: upload the file and see within seconds if any of the multiple security systems detect a problem or suspicious content.

Important: Even documents (Word, Excel) can contain macro viruses. If a file prompts you to enable "Enable macros" — be very cautious if it's not from a trusted source.

If antivirus software is disabled, for example, during the installation of another program, make sure to re-enable it as soon as possible.

10. Using Public Wi-Fi Networks Without VPN

Connecting to, for example, airport or café Wi-Fi and logging into systems without an encrypted connection opens the door to "man-in-the-middle" attacks. This is a situation where a third party (an attacker) secretly intercepts communication between two parties — for instance, between you and a website — and intercepts or even modifies the transmitted information.

In short: You think you are connecting to a secure, verified website, but in reality, the attacker is "monitoring" and can access your data — such as usernames, passwords, or credit card information.

Tip: Always use a VPN when working on a public network.

11. Sharing Unauthorized Access with Third Parties

Access is often shared with external service providers or colleagues without appropriate roles, oversight, or time restrictions.

Tip: Grant access only to necessary users, following the "principle of least privilege." This means that a user, program, or system is granted only the access rights necessary to perform a specific task – no more.

In short: Everyone gets only as much access as they truly need to do their job. No one gets "the whole set of keys" if only one key is needed.

Always revoke access when it is no longer needed.

12. Not Disabling Old Accounts or Users

For example, employees change jobs, but their accounts remain active, allowing access to systems for months.

Tip: Create a process where employee accounts are automatically deactivated if not used for a specific number of days/weeks/months.

Data security is not a one-time action – it is a daily commitment. It starts with awareness, continues with training, and becomes part of the company culture if followed by the entire team. We are here to support, provide solutions, and help implement best practices, but your active participation is indispensable.

No matter how technologically advanced a system is, human behavior remains the weakest link in the data security chain. Even one thoughtless action — writing down a password on a sticky note, sharing it with a colleague, or clicking on a seemingly harmless link — can open the door to malicious access and sensitive data leaks.

That's why data security is not just the responsibility of IT specialists — it is everyone's responsibility.

Be cautious in your daily activities: think about who and how you grant access. Don't ignore security recommendations. Enable two-factor authentication, use unique passwords, and regularly review your digital habits. Your conscious actions can be the decisive factor that prevents an incident and ensures a peaceful work environment for you and the entire team.

If you have questions about how to improve your security practices – contact our customer support!

Yours, Jumis!

Possible Security is a cybersecurity company with deep roots in research, responsible vulnerability disclosure, and practical security problem-solving. We are based in Riga but work with critical infrastructure operators, government institutions, and large enterprises with specific security requirements worldwide.

Possible Security