An ongoing concern in the modern age is identity fraud, data hacking and the many other kinds of fallout that come from personal security breaches. A continuing case which has really helped to heighten the concern for personal security is the phone hacking scandal that besmirched the name of British tabloids. However, one of the most common forms of data theft is a security breach in which personal data is lost or stolen from IT equipment. This can prove costly for a small business, not only in the potential money stolen but also through the fines that can be given for not having secure safety measures in place. There are several things you can do to make sure your business does not get penalized in this way.
How do these breaches occur, and how can they be prevented?
The most obvious way is for IT equipment, such as laptops and storage devices, to be lost or stolen. These pieces of hardware usually contain huge amounts of detail about their users including, perhaps, names, phone numbers and financial details. However, there are a number of different ways that these breaches can occur. Among them are poor management of personal data, viruses and a lack of encryption software.
There are also more malicious ways the data can be stolen. Internal attacks from disgruntled employees of the business, or someone stealing customer information for personal gain, represent two such possibilities. There also remains the potential for hacking and external piracy, which can come from accessing unauthorized websites or through wireless broadband connections and networks. Similarly, infected emails can sometimes access a company’s data and steal information too.
Due to the myriad of ways in which access to personal data can be gained, the Data Protection Act was updated in 1998 in the UK to try and govern the protection of personal information. This means that businesses must now conform to the standards detailed within the act or be at risk of breaking the law. It is now a criminal offence to lose personal data and, if found guilty of breaking these laws, a person can face a prison term of up to two years. Other punishments include fines and of course, on a more informal level, the damages that can be done to a company’s reputation.
In order to prevent these fines and losses there are a number of different actions that can be implemented. First of all, it is imperative to ensure that all of your employees are up to speed on the latest ways to safeguard their own information, and full training must be given regularly. Each member of staff must make sure that they never share their password and that it is changed on a semi-regular basis to make extra certain that no one can figure it out. As well as not sharing passwords, extra diligence is needed to keep potential sources of leakage, such as USB drives or external hardware, from contaminating a centralised system. Software should be kept up to date too; try to be sure that the company is using the latest security protocols and antivirus protection software. Similarly, encrypt all your data to make sure that if, for any reason, it does fall into the wrong hands then it cannot be distributed to unauthorized sources.
For critical data, make sure that effective encryption is in place so that it cannot be bypassed by taking physical possession of the device or by writing to external devices. This procedure should be easy for all of your staff to use and efficient, but also not easy for a third party to figure out.
This was a guest post by Kieron Casey. Kieron is a BA (Hons) Journalism graduate who blogs regularly on IT solutions, networking, technology and recycling. He is writing on behalf of Equanet.