Last month our blog post looked at why a business should go digital and how to successfully manage this. However, there are inevitable risks that come with moving and storing information online, and we wanted to take a closer look at the types of data you might be moving and how to ensure it stays secure online.
For many businesses, data is the key to their success. Whether this is client details, a customer database, the business’s financial records or its marketing materials, they all contain key and often confidential information that it is your duty to protect. Before making the move to digital, it is worth taking the time to look at the data you have and assess it. Think about how valuable it is to your business, who has access to it and how often they need that access. Knowing where the data is stored is crucial, as these days many businesses store different types of data in different locations: your customer information could be in a CRM, financial records could be on central servers, and staff members could be storing details on their individual computers or even smartphones. For each type of data you store, you should know where it is kept, who has access to it and whether or not it constitutes personal data under the new GDPR. If so, you need to ensure that you are adhering to the six key principles of data protection under GDPR.
Once you have assessed what data you have, where it is stored and how to access it, a risk assessment will help you put together a disaster recovery plan. The term may sound a little dramatic, but a business that loses key data could find itself losing financial viability. In a digital world, it can take only a few clicks for a staff member to completely erase a database by accident. Looking for software that contains an undo or rollback function can help to mitigate this, while implementing and following a regular back-up schedule to different servers or storage will help minimise any damage from possible data breaches.
Ultimately, though, the way that you store your data will be the key to keeping it secure. As a general rule, storing data in one place reduces the chance of it being lost due to theft or human error. All essential data should be moved to and stored on one central server. Employees should be actively discouraged from storing any important details on their work computers or devices, and made aware of the vulnerabilities of removable storage devices such as flash drives. You could also consider disabling the USB drives on staff computers to avoid accidental or deliberate downloading of client data.
However, while storing all of your confidential data in one place is generally advised, it does mean that there is a single point of failure, so all your data should be backed up or mirrored to a different location. If the data that you store does not change on a regular basis or is archived, consider downloading it to LTO tapes and storing them offline and offsite in a secure storage facility such as the one that we offer. Our storage facility is climate controlled with CCTV coverage, and if your tapes are individually labelled, we can retrieve any requested tape and deliver it to your office. We’ve also recently undergone a repeat assessment for our ISO 27001 certification, so you can rest assured that our procedures adhere to the international best practices for information security.
We hope you’ve found this blog useful. If you’d like any more information on the services we offer, please just drop us an email at firstname.lastname@example.org or call 020 3234 0090.