When your business holds secure data, whether its own or data entrusted to it, you bear a serious responsibility for keeping it safe from mishandling. In a previous article, "Cyber Security - What Could Happen to Your Data?", I discussed potential threats that could put your business and your clients at risk of losing both financial security and reputation.
Unfortunately, no method of securing data can be considered foolproof. The reality is that we live in a world susceptible to the imperfections of technology and of human nature. The best we can do is be aware of potential areas where data breaches can occur and do all we can, at any given time, to make data as secure as possible. It is recommended that you review and assess your data security regularly to ensure the information is protected utilizing the most current technology and protocols. A professional security audit can help make you aware of any holes in your process so they can be patched.
Consider these issues when assessing the security of the data you store:
- What data is collected and why? Collect and store only information you need. Why store (and put at potential risk) more data than you need?
- Where/how is data stored? If stored physically (on paper or on computers), is it in a secure location where it won't be damaged, lost or stolen? If it's stored virtually (on remote servers "in the cloud"), is it safe from physical damage or cyber attack?
- How can it be accessed? Is your physical data kept in a locked cabinet or room? Is it password-protected with a unique, strong password? If stored virtually, do you have the access you need to ensure that data is backed up or purged as necessary?
- By whom can it be accessed? Who has a key to that cabinet or file room where data is stored physically? Who has (or still has) a password to gain access to secure information on computers or remote servers?
When dealing with data, the best policy is often to have as little contact with it as possible. If your company performs any of the following functions, you possess data that would be devastating to mishandle:
- process electronic payments
- store client files and intellectual property
- store employee information
- store account information and passwords
- store banking or financial information
A blend of security education, common sense and technology is the best defense against data breaches. If you don't feel capable of handling data security in-house, outsourcing the task to the professionals may be your most prudent option.
Leaving Data Security to the Professionals
When outsourcing the handling of secure data to professionals, ascertain their procedure for safeguarding the information. Ask them about their:
- Physical security protocols - These refer to the steps they take to make sure the data remains physically secure. Are there procedures in place to prevent damage to their infrastructure due to fire, flood or other physical disaster? Are there redundancy steps in place in case of power failure or breach of a firewall?
- Data encryption - This is the process of "disguising" data (like in a secret code) so that it is meaningless to anyone who looks at it without the "key". Make certain that you are satisfied with the way your data is encrypted, so you can be assured that it will remain secure from unauthorized viewing.
- Schedule of backups - Backups capture your data at a given point in time. Should something compromise your data, it can be restored to its latest backup to minimize the overall loss. Be certain the professional service backs up your data often enough to meet your needs and comfort level.
- Policy on allowing you to access and back up information at any time - Even if stored remotely with a professional service, it's still your data and you should be able to access and back it up whenever you want or need.
Data loss can occur due to human error, malicious cyber attack, physical damage or technology breakdown. No matter the cause, it's a serious situation when it occurs. These considerations will help you to safeguard data - yours and/or that of your clients - and maintain the good standing of everyone's finances and reputation.
How do you protect the secure data with which you're entrusted?