Business data security involves safeguarding IT infrastructure, ensuring data integrity, limiting access to authorised users only and maintaining data confidentiality. Small business are widely and increasingly applying security practices, ensuring hardware and media are:
- not stolen or damaged
- minimising the risk and implications of error, failure or loss
- employing strong passwords
- encrypting sensitive files
This ensures their critical data is safe and retrievable should a disaster happen.
Research shows that there are still some gaps in the practices they adopt. Therefore, it’s important to raise some questions here:
- Is your data backup strategy tailored to your business needs?
- Are you consistent with this approach?
If you have any doubts, then you should think about:
- Firstly, where do you backup your information and other valuable data to? – Research shows that many small businesses still backup their precious business data on-site only.
- Secondly, do you have a formal emergency or disaster preparedness plan such as backing up off-site?
- Thirdly, is your staff trained well? Many small businesses allow employees to decide and use their own method of backup.
- Importantly, what policies and procedures do you have in place? Is there a clear and safe backup recovery strategy, if the worst happen?
It is your responsibility to do all you can to protect your business data from being damaged, lost or stolen. You must protect not only your computers but also your entire network and mobile devices too.
A proper backup is only one part of a complete, protection and security strategy. Staff training and vigilance is another. Employee engagement is important for keeping hackers away from your data.
Here are simple things you can do to address the above point:
1. Equipment and Data Audit
If you are unsure what parts of your business are vulnerable then this is the first step. Undertake the audit to assess and decide what data you have that needs to be protected and how the use of your computers, devices and network leave you vulnerable.
2. Staff training
Make your staff aware of their responsibilities. They are your front line of defence when it comes to security and data protection. They can also be your weakest link!
Check how many of them are backing up your information up to USB memory sticks (in an entirely insecure manner) and in then keeping them in the same physical location as their computer.
3. Use strong and multiple passwords
Many of us use simple passwords because they are easy to remember. Simple passwords are easy for hackers (and their computers) to guess.
What’s a “strong” password?
- The minimum length should be eight characters long – our Technical Director uses fifteen characters as his minimum
- It should be a combination of upper and lower case letters, include a selection of numbers and if possible, special characters.
- It should be changed regularly
- It should be known only to the user
Remember to use a different password for every service and if you write them down make sure that that is secure! For example, if you write them in a spreadsheet, encrypt the spreadsheet with a memorable strong password.
4. Encrypt your data
This is a great security tool to use. If your hard drive is stolen or you lose your USB stick, whoever accesses your data won’t be able to read it if it’s encrypted.
Microsoft Office 365 has encryption options for the files and content.
In my next article I will provide you with more simple things you can do to minimise the impact of data error, failure or loss and ensure your small business data is secure and available at all times.
If you have any doubts or want to ask me a question to clarify any of the tips I have spoken about then please email me (firstname.lastname@example.org).