Q. I am a small business and all of the information I need is located on computers. How can I be sure it is safe?
A. There are three main rules that every business should follow when thinking about making sure that all of their data is secure, says William Beer, PricewaterhouseCoopers’ director of OneSecurity. It can be summed up in CIA, which stands for confidentiality, integrity and availability of data. Beer recommends using encryption, or password entry, on any desktop, laptop or smart phone that you use for work. “Most devices today support a basic level of encryption, but make sure you activate it, as usually it requires you to turn it on first,” says Beer. Usually if you enter a wrong password more than 10 times then all of the data on the device will be deleted, which is very useful if your laptop is stolen. The other thing that is important is the integrity of the data, says Beer. “You need to know what would happen if the data in your database or in a file is corrupted either through a virus or a malicious act.” If a small business outsources its IT needs, data security is still its problem, says Beer. “Contact your service provider and ensure what safeguards they have in place so that your data can be protected and its integrity is ensured.” Lastly, Beer says that business owners need to think about the availability of their data, which means that all data should be backed up, either through an external hard drive or a third-party provider.
Q. What about my staff, how can I ensure they are aware of data security?
A. The biggest misconception about data security, says Beer, is that it is all about technology. “Most people think it can be sorted out by a programme or some sort of technical change to your system, but this isn’t always the case. You need to remember the importance of people and not focus too much on technology. The best thing that you can do is to make sure that your staff are aware of how they can avoid breaches of data security,” he says. This means ensuring that staff members don’t leave their laptops in cars overnight, or a smart phone lying around in a pub. You should implement a policy for your staff, for example making sure everyone changes their password regularly, introduce a clean desk policy and ensure that no important documents are left lying around. “But the most important thing you can do is actually communicate this to your employees so that everyone is aware that data needs to be respected. With a few basic rules you tend to get a good result, and employees can become more vigilant as a result,” says Beer.
Q. How can I back up my data?
A. Usually an external hard drive is necessary, or a USB stick. But whatever you use, make sure that it is encrypted and that you test it regularly to ensure that it is working correctly. If you can afford to, then it might be worth actually using a data back-up provider who will put your data on a central hard drive that is located off site. There are some free online versions that are now available, including Mozy.