Just cast your mind back for a moment over all the data security issues companies have had in the last two years. There are almost too many incidences to name. Hello Kitty leaked details of its user accounts in December 2014. Then, Thomson, the holiday company, leaked the personal details of 500 of its customers in August 2015. Then we had the whole Ashley Madison fiasco, where the morally righteous leaked the details of cheating spouses signed up to the site. And just recently, internet streaming service Spotify has also leaked confidential user information. What’s more, these are only a few high-profile examples.
Given that data leakage is happening with terrifying frequency might one be visiting a business near us soon? Worse still, might that business be our business? Yes, it might.
For the criminals, getting hold of user information can mean big business. Just think of how criminals managed to extort money from Ashley Madison by possessing user data. It’s not just the so-called big prizes like credit card details the fraudsters are after anymore. It is any sellable information they can glean from your customers.
All this means that businesses need to step up their game. They need to prove to the wider world that they’re doing everything in their power to prevent criminal use of data. Not doing so could actually land a business in costly litigation with clients that have lost money as a result of negligence.
Idea of Business Data Security
So what can businesses actually do? The first thing any reasonable business need to do is establish what data it stores and how valuable those data are. Come up with a list of where data are stored. Are they on laptops, netbooks, staff computers? Are they lying around on memory sticks, in the cloud or, heaven forbid, on floppy disks? Having a basic audit of where your data are located will form the basis of your security strategy.
The next step is to determine how valuable your data are. If you’re a company whose reputation is based on keeping your client’s infidelity a secret, then all your CRM data is mission critical. Mission critical means that if the data are lost, your bottom line suffers.
Then plot out how you use these data. Are customer data left on a memory stick in a filing cabinet for months on end, or do employees access and insert data every day? Also, make a note of how the data are transferred from one location to another.
Once you’ve got your list, you need to think about what the specific dangers are to your business. Are your offices on a fault line? Is there a risk of fire? Might malicious hackers try to access your data and sell it? Might an employee with high-level access to data try to do the same thing? These are all plausible risks that you have to consider. Not least because they’ve all eventually occurred in one business or another.
Once you’ve audited your data and identified your risks, what next?
Well, one of the first ports of call is setting up a firewall. Even though criminal techniques have moved on substantially since the heyday of firewalls, they still work. They can still block the majority of attacks that your business is likely to suffer.
Without a firewall, viruses and malware can be used to access data. If you find that a virus has gotten onto your computer you can get help from Ottawa IT support to get it all fixed up. Worryingly, they can also remain dormant, even on your virtual servers, only reactivating when your data falls in.
If you’re regularly transferring data, you might also want to consider transferring all your data into the cloud. Cloud computing companies take away a lot of the hassle involved in doing in-house data storage. Plus, for cloud-computing companies like VPS Server, security is paramount. Their business depends on that even more than yours.
Importantly, cloud solutions actually take a lot of the risk out of data transfer. They allow you to transfer data from one server to another on private networks. Good private networks do not allow anything in from the internet. And you’ve got the added bonus of seamless, instantaneous data transfer.
The other thing that you can do to minimise your risk is to only give employees access if they need access. Let’s say you have an employee responsible for accounts and another for customer data. Why would the accounts manager need access to customer data? They wouldn’t. But giving all employees access to all data reduces individual employee accountability. Plus, if only the necessary staff have access to the data they need, you don’t risk them deleting it by accident or on purpose. There’s also a lot of benefits to be derived from granting different levels of access to data.
You can also make sure that your employees know why data security is so important to you. This aspect of data protection is often overlooked in favour of more high-tech solutions. But a little explanation, no matter how obvious it might seem to you, can go a long way. Don’t forget that your employees probably don’t see your business as you do. They’re far more likely to take a cavalier attitude to data if they don’t understand what losing it would mean to the business. And, of course, their jobs.
Finally, you want to make sure you have a regular backup procedure in place to secure data should the worst happen. Backing up data usually means having an up to date repository somewhere well away from your main business location. Again cloud services can help in this regard. But you should choose the method that’s most convenient for you.
Maybe that’s a stack of CDs, maybe that’s online backup. Perhaps it means mirroring your hard drives across multiple clients. Remember, it’s a cost-benefit decision. You have to weigh up your desire to operate efficiently on the one hand, with your desire to be secure on the other. And with the way things are going, I’d weigh heavily on the latter.