Following Data Protection Day, SmallBusiness.co.uk looks at how businesses can stay vigilant and keep ahead of cybercriminals.
Following Data Protection Day, SmallBusiness.co.uk looks at how businesses can stay vigilant and keep ahead of cybercriminals. By Christian Toon, Head of Information Risk, Iron Mountain The 28th January is Data Protection Day.
The main focus of the day, now in its fifth year and celebrated across Europe, is to raise awareness of data privacy issues, rights and responsibilities. Most of the messages are targeted at individuals and concern personal identity, but data protection is a much bigger issue than this. Data is the lifeblood of your business. From customer records and financial information to sensitive commercial documents such as contracts and business intelligence, data underpins every aspect of a company’s operations and helps to keep you ahead of the competition.
The loss or damage of any of this data can cause irreparable damage. Studies have shown that more than 40 per cent of companies never recover from catastrophic data loss, and 90 per cent of companies that suffer a significant data loss go out of business within two years .
Cybercriminals and identity thieves are quick to exploit new digital opportunities and loopholes, for example through phishing websites or viruses that intercept or infect your customer details. Physical documents can be stolen from offices or retrieved from waste and recycle bins if inadequately destroyed, and simple human error can lead to valuable information being lost or accidentally leaked. Everybody is familiar with the kind of data horror story that sees a briefcase full of confidential plans left on a train, or a disc containing customers’ financial details lost in the post. Even if no criminal activity ensues, the public relations impact of a data breach could severely damage a company’s brand and reputation, and render the company liable to an Information Commission fine of up to £500,000.
What can a small business do to protect its data?
- Know what you know. Understand exactly what data you hold, where it is stored and who has access to it. Make sure you can track information as it changes hands.
- Introduce information security policies for the whole business. These could include restrictions on removing data from company premises (for example on USB sticks or laptops) and standard procedures for filing and storing paper records at the end of a working day.
- Provide training for all employees handling sensitive or important data on a daily basis. This includes employees in HR, sales, finance and IT.
- Ensure you have the right IT processes in place. Back up and encrypt all digital information such as emails or electronic files.
- Securely delete information that is no longer required. Once customer data is no longer needed it must be disposed of using a system that is standard across the business. Secure particle shredding of documents and discs is an effective way of destroying information that is no longer relevant or useful.
- Understand the legislation. Government legislation is increasingly complex and the fines for non-compliance and data breaches are increasingly stringent. The excuse that you didn’t understand it won’t protect your business from the resulting fine.
- Consider outsourcing your information management to a trusted supplier who can securely remove, archive, manage, retrieve and, ultimately, delete information for you.
While this list is far from exhaustive, it demonstrates that data protection is a serious issue that requires commitment and ongoing review. For rapidly growing small firms, existing procedures can easily be overtaken by changing needs. No business wants to fail, and certainly not as a result of something as avoidable as a data breach. Information is one of the greatest assets of any business - it pays to keep it safe.
See also: Protect your data