Digital Forensics and IT Security Consultancy
5 Info Security Tips

Small Businesses:  Five Simple Information Security Tips to Prevent Data Leaks
 

Sometimes information security is about making small changes that give the greatest increase in the overall security of your organisation’s data.  Small businesses do not always have IT departments, so my view is that security has to be simple and related to what you do and what your business needs to protect.

For most small businesses, this is about minimal cost solutions with the least impact on your normal business processes. The following are five tips to get you thinking and planning to improve your information security:


1. Check your data

Determine what information you have and start to look at what you would classify as confidential to your business.  This may include obvious things such as Internet bank login details or personal details about your staff.  However, think of the other data your business may store: your customer list, your general rates or previous quotations for work, your accounts, your company emails…

The other information is your non-confidential (less critical) business information, e.g. your past marketing materials or where you buy your pens from.


2. Assess the Risks

When you have established what data is confidential to your business, you need to determine what you most need to protect.  This means you need to consider the value of each area of confidential information you have identified.  You could do this by thinking about the following: What costs or time would be involved if it were leaked?  Are there any legal implications?  Would you lose customers if they found out?  How much time would be required to correct it?  Would it make it more difficult to find new customers?

This thinking process will allow you to determine the things that will cause the highest impact to your business (e.g. someone knowing your Internet Banking details) and those with a (possibly) smaller impact (e.g. another company finding out what you estimated for one customer).

 

3. Protect your most critical data

This involves looking at how you use the data you've identified as being high cost (in terms of time, money, reputation, business retention etc.) to your business and looking at simple measures that you can take to reduce the risk of this data being leaked, e.g. locking away crucial business papers within your own premises, not writing down your password, not throwing away your confidential papers in normal waste…

Often one large risk area is when high cost information is removed from your office e.g. on a laptop or a USB memory stick.  This increases the risk of it being lost or stolen. 

Memory sticks are often a particular problem: they are small and hence easily forgotten about or misplaced.  Have you lost one?  If you are using them to store high cost information then you need to look at how you can protect this information.  There are various solutions to this (usually using a process known as encryption, which ‘hides’ the data).  Free solutions do exist but require some technical knowledge to use.  However, there are commercial solutions which do everything for you and only require a user to enter their password, so even those with basic IT knowledge can use them.  These solutions start from around £60 each (October 2010).

What about laptops? If laptops contain high risk data and you are removing them from your office, you may need to think about how you will protect the data.  Firstly, as a simple (and free) protection step, NEVER leave laptops in sleep/hibernation or locked modes.  Shut them down and keep them on your person (don’t leave them in the luggage rack on the train!).  The information on laptops can be protected in a similar way to a memory stick. Again, there are various solutions for this, some free but requiring technical knowledge and others that are built into the operating system so that it does it all for you.  For Windows, this would mean purchasing Windows 7 Ultimate (or Vista Ultimate), which in October 2010 is approximately £70 more than the normal professional product.

4. Don’t share passwords - it’s free and very important.

  • Only allow the people who need access to high cost information to access it. 
  • Don't share passwords or leave accounts able to access high cost information unattended in your office (lock your computer or better still shut it down!).
  • Don’t reuse a password – yes, we all do it!  However, don’t reuse passwords that you use to protect confidential information for any other data or website.

5. Don’t make minimal cost savings which cause a risk to your business.

Sometimes it can be tempting to save some money by not disposing of your confidential material appropriately.  If the thought of someone rummaging in your bin strikes fear in you (or you don’t know what they will find) – it’s time to buy a shredder (or employ a shredding company).

Don’t throw away/give away/recycle your business phones, memory sticks or old computers/disks without these devices being properly wiped/destroyed, or you could inadvertently cause your company data to be leaked.  It may cost you to destroy your digital devices; however, there are various solutions with minimal cost and time.

If you have the technical knowledge you could do this yourself (using software – and/or a hammer (and a good H&S risk assessment!)).  However, if you don’t have the skills or the time, there are companies offering cost effective solutions to dispose of your data either via them wiping it for you or physically destroying the device (and you get to watch it chomp through your disks).   However, use your common sense - do not send your confidential information via post even if it is to a company for destruction (it may never get there!).  Perhaps look at using a company that can destroy your data onsite where you can observe its destruction.

A downloadable copy of this article is available in the articles section of this site.

Note: All Rights Reserved.  Sam Raincock Consultancy provides this article free and accepts no liability for the content, completeness or use of information in the article.

 

 
