Keeping your business data secure is vital. From your financial records and marketing materials to your customers’ banking and staff details, protecting the data that you store online is critical to the success of your company.
A security breach can happen to any business, no matter how big or small it is and securing the data you store online is no easy feat. Here are the four key steps you need to take to safeguard your online assets:
1. Understand your risk and the data you need to keep safe
First take a look at all of the data you hold, whether it’s your financial records, customer information or supplier details. Determine how sensitive each type of data is to your business, record where it is stored and assess how likely you are to suffer data loss or leaks to hackers and viruses.
Pay closest attention to your most confidential data such as financial accounts and customer records; you have to protect their data by law so start there. You should keep a comprehensive record of where all of your data is stored, how often it is accessed and who by, which you can then use to identify risks in how your business handles data.
2. Protect your network
Start by protecting your network from malware – this is malicious software that can cause damage without you knowing. Apply a firewall and buy security software that goes beyond a firewall’s standard protection to better guard your network against hacking, identity theft and suspicious websites.
Choose software that includes location awareness and can keep tabs on all devices so that your employees stay protected wherever they are and whatever device they’re using. The number of employees bringing their own devices to work is growing rapidly so be sure to develop a Bring Your Own Device plan and implement mobility management solutions and technologies.
Select security solutions that can automatically update to protect against the latest threats; you are only as safe as your last update. Consider working with a security specialist whose core business is focused on security, who understands a small business’ unique needs and comes with a proven track record of defending against multiple threats.
Next look at where you store your data. It’s often best to store data in only one place but in case your server breaks consider mirroring the data elsewhere and ensure you undertake regular backups. Educate employees on the critical importance of not putting confidential data on their own computers – a virus on just one computer could cause untold problems for your company.
Also consider encrypting your most sensitive data and install physical security procedures for servers that are kept in your building.
3. Control data use
Make sure every employee only has access to the data they need to do their job to minimise the chance of anyone accidentally changing or deleting things they shouldn’t. Microsoft Windows and many CRM systems allow you to grant different users different levels of access.
Also ensure that everyone in the company knows how to encrypt important data and enable security protocols such as SSL and IPSec before transferring it online as well as using the proper methods for transferring it. If you are transferring data to a third party ensure you both comply with data protection legislation and only hold on to data for as long as necessary.
4. Train your staff
Up to 80% of all data loss is caused by human errorand training on this topic is key. In addition to using software with backup functions, you’ll also need to train your staff on best practice and the implications should confidential documents get leaked.
Tell staff what they can and cannot use their company computers for as well as which applications should not be downloaded to a company computer. Educate them on what types of emails should not be opened or sent and set up an accessible email quarantine for any emails that look suspicious before they ever reach their inboxes; it will take staff some time to retrieve emails that turn out to be safe but prevention is better than cure.
Send employees details on a regular basis with the latest versions of software they use and instructions on how to download new versions.
Finally, make them create strong passwords that are at least eight characters long with a mix of letters and numbers. Change your passwords regularly and use secure password managers so that people don’t have to remember them.
Ultimately, data security is everyone’s responsibility on some level, so involve your employees when creating new security measures and make sure you’re not compromising ease of use or hindering someone’s ability to do their job when implementing a new procedure.
Help your workforce to understand how important data security is by making policies and guidelines available to all staff and providing training on data protection law and how procedures should be implemented.
Handling sensitive data online correctly is vital for your business to retain its customers’ trust and loyalty, not to mention exercising due diligence that will keep you on the right side of the law.
As with any aspect of your business, seek feedback on how well your security guidelines work in practice and be sure to review and update them regularly to keep up with changing technologies and best practices.
As CEO, Rob is responsible for the leadership and management of Liberis, with a focus on providing fairly priced, flexible finance, delivered responsibly.