You’ve seen the headlines about companies or government ministries that have faced major incidents of data loss.
Should you be concerned about data security and protection? What if your business is small and has only a few employees?
Regardless of the size of your business, your company and customer data is a uniquely important asset. This data—whether hardcopy or electronic—is a critical part of what differentiates you from your competitors. It gives you a competitive edge.
Some of your data may be particularly sensitive, such as intellectual property or patent submissions that are pending government approval; your business strategies and new product research and development information; personal information about your staff; banking and credit card information; or something as simple as a price list of your products or services.
It used to be that all sensitive in-house data was locked away in a cabinet. It was easy to set up controls over who had access to the information. In today’s business world, sensitive data is stored, shared and accessed from anywhere in the world in digital formats.
The challenge is to protect this data while it is being accessed and shared between computer systems and people who need it as part of their daily work routines.
So, what can you do to protect your company’s data against data breaches and other forms of online fraud?
Although there isn’t a single technical or processing solution that will eliminate all data breaches or losses, the following 10 Best Practices can be easily applied to a business of any size, and applying them is the first step to minimizing data breaches and fraud.
- Train Your Staff. Contrary to popular opinion, data loss and leakage are not always intentional. Due to a lack of awareness and security training, employees may be sharing confidential or otherwise sensitive information (with no malice or intention to gain something) with colleagues or friends who do not have the legitimate right to obtain or receive the information. Ensuring that employees understand the potential consequences of their actions on the business will help them appreciate the need to always be alert to following company procedures.
- Establish Data Security Policies. According to one 2012 survey, 44% of organizations now allow the use of company or privately-owned tablets. Security procedures and policies should clearly spell out what employees are expected to do to protect corporate data—when at work, travelling or during their down-time.
- Encrypt Your Devices. Whatever electronic devices your business uses (desktop computers, laptops, tablets, smartphones), always secure them physically whenever possible, and encrypt the data through password-protected access. In the case of portable devices, never leave them exposed in an unattended vehicle or while on an airplane/train; watch them carefully when going through security checks at the airport and never leave them unsecured in your hotel room.
- Use Reputable & Dedicated Email Service Providers. Your business data is an asset. Don’t use web-based email addresses to conduct your business or to share sensitive data. Consider using email encryption for particularly sensitive information.
- Limit Collection of Customer Data. The less data you collect about your customer (data that is not part of the public domain), the less chance there is of a breach or loss of it. Carefully evaluate what customer data you collect and why. Think twice about whether you really need to collect highly sensitive data, such as social insurance numbers, which are considered a goldmine by hackers and fraudsters.
- Lock Down Your Accounting Data. Establish rigorous internal procedures for managing all of your accounting practices. Educate accounting employees about data security. Inform them of some of the more common types of hacking and phishing scams. For example, share with staff what your financial institution will and won’t ask for either by telephone or by email, such as password and account information. Be careful about where you store—either electronically or on paper—banking information, such as account numbers, bank transit numbers, PINs and other passwords. Watch your bank and credit card accounts for discrepancies or irregularities. Again, alert your accounting staff to likewise be wary.
- Change Your Passwords. Regularly change the passwords that you use to access sensitive information. Make them complicated and tough for hackers to crack (a combination of upper and lower case letters, numbers, and symbols).
- Dispose of Your Data—Safely. Your garbage is another person’s goldmine, particularly if they can glean credit card or bank information. Even if it is a list of your customers—do you really want that to fall into the hands of your competitors? Not likely. Dispose of your paper and electronic information thoroughly.
- Conduct Data Audits. Digital information can be saved, reproduced and shared at the click of a button. Thumb drives, CD burners and external hard drives are just some of the many ways that digital information can be moved throughout an organization and, more concerning, outside of it. It is important to know where this data is and why it is being copied, stored and shared. Are all of these digital transactions appropriate? Is your data in unauthorized locations? Your data audits should answer these questions.
- Create a Data Loss Crisis Management Plan. A carefully thought out Data Crisis Management Plan (part of your Business Continuity Plan) will help you cope more easily should a crisis arise. Such a plan will enable you to minimize the disruption of your business, as well as to care for your customers and any concerns they may have.
Protecting one of your company’s most important assets—paper and electronic data—is mission critical. Putting in place data loss prevention procedures and policies is an important way to protect your company’s future and all your other assets.