31st July 2018
How to Protect your Company from Data Loss
Here’s a shocking statistic: there are currently almost a million businesses in the UK that don’t back up their company data. In addition, new research has shown that another 2.8 million organisations, despite backing up, are still at risk of losing their data because they store it in the same location as the original. That means that there are approximately four million businesses in the UK alone that are leaving themselves wide open to their data being lost or compromised, whether through a malware attack or a disaster such as a fire.
Unfortunately, while there are plenty of preventative measures that can (and should) be taken against fires in the workplace, you cannot absolutely guarantee that such events won’t occur. In much the same way, if you’re a small business, it can be easy to fall into the trap of thinking that you’ll safely fly under the radar of hackers and data thieves; in reality, data breaches can happen at any time, especially if you aren’t prepared for an attack. In fact, it’s smaller companies that are more vulnerable than the big guys, whose lines of defence are much more robust.
Why is Data Protection so Important?
Hackers are always on the prowl for poorly defended networks, and if you aren’t backing everything up securely and remotely, or are storing data locally on computers or other devices, you are leaving yourself extremely vulnerable and open to attack or disaster.
Data breaches are incredibly serious and cannot be treated lightly. Not only do they mean a potentially significant financial loss to your business and a black mark against your reputation as a company, but failing to comply with data protection law or being the victim of a data breach can also have more serious implications than you might first think:
- Enforcement by the ICO, including:
  - Warnings and reprimands,
  - Temporary or permanent bans on data processing,
  - Orders to rectify, restrict or erase data,
  - Suspension of data transfers to third parties; and,
  - Fines of up to €10 million, or 2% annual global turnover (whichever is higher) OR €20 million, or 4% annual global turnover (whichever is higher).
- Compensation claims.
How to Prevent Data Breaches
Stating the importance of data protection is all well and good, but none of that really matters unless you actually set down tracks to implement it. So, how do you protect your data?
First and foremost, it’s essential to address any possible password issues. Many companies choose passwords they think will be easy for staff to remember – thus avoiding the hassle of forgotten passwords, numerous login attempts and locked accounts. However, the easier it is for your employees to remember your passwords, the easier it will be for a hacker to crack them.
With hackers becoming all the more clever in their efforts with techniques such as brute force and dictionary attacks, we are reminded of just how important the complexity of your passwords actually is.
Some handy tips to keep in mind when setting a new password are:
- Stick to a minimum number of characters – the longer your password is, the more difficult it is to crack. While there isn’t an officially agreed ideal minimum for passwords, you should try to aim for at least 12-14 characters.
- Use a variety of character types – complexity is measured not only by the length of a password but by using a combination of numbers, symbols, capital letters and lower-case letters.
- Stay away from dictionary words – obvious dictionary words or combinations of dictionary words are a no-go. Try thinking outside the box.
- Don’t use obvious substitutions – for example, using the word ‘p4ssw0rd’ where the ‘a’ and ‘o’ are replaced with ‘4’ and ‘0’ will not give your password strength and hackers rely on these kinds of mistakes being made.
- Reset your password regularly – while it isn’t essential to reset your password, doing so regularly (i.e. every 30 days) gives you an advantage over someone whose password remains the same for all accounts for all time.
The more complex your password, the safer you are from being hacked – however, if you are worried about not being able to remember your password, come up with a memorable way to keep it in your head.
For example, create a password around things about yourself:
I have a cat named Felix, my favourite film is Mamma Mia! and my car is a Fiat 500:
Password: c (cat) T (Tiger) f (film) MM! (Mamma Mia!) c (car) F (Fiat) 500 = ‘cTfMM!cF500’.
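The tips above can be turned into an automated check. The following is an added example, not part of the original article: it tests length, character variety and dictionary words (after undoing obvious substitutions) and runs over the two passwords quoted above. The word list, the extra substitutions beyond ‘4’ and ‘0’, and the function names are assumptions made for illustration.

```python
import string

# Constructed sample word list; a real deployment would load a large
# dictionary plus known-breached passwords instead.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon", "summer", "admin"}

# Obvious substitutions from the tip above ('4' for 'a', '0' for 'o'),
# plus a few similar ones added here as assumptions.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s"})

MIN_LENGTH = 12  # lower end of the 12-14 character range suggested above


def normalise(password: str) -> str:
    """Lower-case the password and undo obvious character substitutions."""
    return password.lower().translate(LEET)


def check_password(password: str) -> list[str]:
    """Return the tips the password breaks (an empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"too short: {len(password)} < {MIN_LENGTH} characters")

    # Variety of character types: all four classes must be present.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))

    # Dictionary words are searched for after substitutions are undone,
    # so 'p4ssw0rd' is treated exactly like 'password'.
    plain = normalise(password)
    hits = sorted(w for w in COMMON_WORDS if w in plain)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Two passwords quoted in the article and one constructed sample.
    for candidate in ("p4ssw0rd", "cTfMM!cF500", "vR7#qLm2!xTe9Z"):
        print(candidate, "->", check_password(candidate) or "OK")
```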
Up-to-Date Security Software and Risk Assessments
How many times have you been sat at your computer, busy with work when a message suddenly appears – ‘a software update is available’? Nine times out of ten, the bet is that you click ‘update later’ because time is of the essence and you’ll get around to that update when you’re done.
We’ve probably all done it at one time or another. Updating your computer takes time and you don’t want to wait around for it to complete and then restart your machine before you can pick up where you left off. That’s the trouble. It’s that one mistake that leaves us wide open for potential hackers to gain easy access to our private information.
Software updates are important because they usually include critical patches to security holes that we would otherwise be completely oblivious to.
With this in mind, here are a few tips that will help you to remain safe:
- Know that keeping your security software up-to-date is critical and will protect you from the latest threats – if you’re actively aware of the threats, you’re already halfway there!
- Set your computer or device to auto-update or, if this is not an option, check regularly for available updates.
- Read reviews before downloading ANY software to ensure that it’s safe in the first place. Cybercriminals will use any means to steal your information, including distributing fake applications designed to make you enter your details.
- Carry out vulnerability assessments to review and address any changes or new risks in data protection. When you do, consider all aspects, such as data storage and remote access for employees, and ensure that your policies and procedures are adequate.
Data Backup and Encryption
Establish a backup routine. If you’re a small business you may find backing up to a hard drive is sufficient; however, it’s advisable that you have at least one other means of backing up your data – you know, in case the worst does happen.
If possible, adhere to the ‘30 mile rule’ which means physically keeping backup devices away from the original location to eliminate the possibility of data loss through flood, fire, or theft.
Using cloud-based storage such as Google Drive or Dropbox is a reliable and time-efficient means of backing up your data as it removes the need to perform physical backups. Cloud backups keep your critical data secure as they are encrypted before they are transmitted to an offsite data centre, and remain encrypted in transit and at rest. Backing your data and files up in the cloud also means that, should you accidentally delete something, you will always have access to it elsewhere. I’d call that a win-win.
Other benefits of cloud backups include:
- Cost reductions.
- Better management of IT resources.
- Improved compliance with data safeguards.
- Taking advantage of existing infrastructure.
If you have a LAN (local area network), you could also back up data to a separate server or computer. Again, it is preferable that they are remote and not on the same premises as your original data.
Ensure Vendors and Partners Maintain High Data Protection Standards
Data security is one of the most important factors to consider when choosing who to work with; if you work with other companies who may be handling your or your customers’ data, you should make sure that they also have sufficient systems in place to protect data. At the end of the day, you want to be able to trust your vendors or partners with your data – just as your customers have trusted you with theirs – so you have a responsibility to ensure that they have a ship as tight as your own.
Interrogate any potential vendor or partner to find out what safeguards they have in place.
Things you should ask include:
- Where will the data be stored?
- Will the data be encrypted?
- How will the data be backed up and will this be encrypted?
- Will regular risk assessments be conducted?
- Who will have access to the data?
- Will any third parties have access to the technology?
- Who owns the data?
- Are they compliant with data protection laws?
- What recovery arrangements do they have in place in case of an IT infrastructure incident?
- Do they offer 24-hour support?
Third Party Data Security Evaluations
Having a third party carry out a risk evaluation allows an objective and outside view of the current breach risks. A Data Security expert can advise you on the best solutions specific to your company, ultimately helping you to reduce the risk of a data breach. Furthermore, taking on a third party to carry out a risk evaluation of your data security processes demonstrates a serious intention to ensure data protection, making you more attractive to potential customers.
Clarisse works as the Lead of our Customer Support Team to provide all of our customers with the very best care and guidance when using their HR software.