As a business owner, you need to take data security seriously. This is especially so in today’s world, where businesses have become very reliant on computer systems. Whatever the nature of your business, there is a high probability that you use computer systems in it. It could be a simple computer system. You know, one where you have a single computer, on which you manage the business’ financial accounts and inventory. Or it could be a complex computer system. One in which you have hundreds of networked computers, complete with an element of cloud computing. Either way, you’d have to take data security seriously. You can’t afford not to. The consequences of a data breach can be too dire.
The owners of small businesses I work with often ask me about data security. They often pose the question as to how they can protect their business data, without spending too much money. I am unable to keep track of the number of times I have been asked this question. And that is why I chose to focus on the subject of business data security, in today’s article. Accordingly, I will now proceed to outline some 10 ways in which you can protect your business data. The list is by no means exhaustive. But if you implement these 10 measures, your business data will be ‘largely safe’.
To protect your business data, you need to:
1. Ensure that sensitive data is encrypted.
This brings about a measure of security. Once the sensitive business data is encrypted, it will have to be decrypted, for it to make sense to whoever comes across it. And to decrypt it, a ‘key’ will be necessary. That would be a huge obstacle to any intruder. Of course, this measure is not 100% fool-proof. Encrypted systems can still be compromised. But beating encryption is too much work. The person who is trying to do it may be discouraged, along the way. Unless the saboteur is very determined, they won’t be able to beat a proper encryption scheme. To put it simply, once you encrypt sensitive business data, you secure it substantially. You should, at the very least, make sure that sensitive business data is encrypted, before being transferred online. That way, there would be some reassurance, even if it is intercepted. The person intercepting it wouldn’t make sense of it easily.
2. Use central storage for sensitive data.
This is a better idea than having sensitive business data stored in employee’s personal computers. Or laptops. Once you have the data in central storage, you can activate the system logs. That way, you can be able to know who accessed which data, and when. Then you can make all people in your business aware of that scheme. It would serve as a deterrent against internal data breaches. The central storage could be an on-site data center. Or it could be an off-site data center. For a small business, you can just identify one computer, and designate it as ‘central storage’.
3. Disable USB ports on your business’ computers.
If the USB ports on your business computers are enabled, it will be very easy for the business data to be stolen. One just needs to plug in a USB storage device. Then he can copy all the data he needs into the device, and proceed to sell it to your competitor. Or to misuse it in some other way. To prevent such occurrences, it would make sense to disable USB ports on the machines used by rank and file employees. Resources can be shared over the network, making it unnecessary to keep the USB ports active. In any event, the USB ports can be enabled temporarily, whenever need to do so arises. Then they are disabled once again. It can be a very prudent security measure. Especially in systems where some data has to be kept on employees’ PCs.
4. Ensure physical security of the business computer systems.
Sometimes, people who wish to steal your business data may opt to do so crudely. That by way of simply carting away the computers containing the data! So it makes sense to put in place physical security measures. This way, you also guard against malicious sabotage. A saboteur may not be interested in stealing your business data. Rather, he may be interested in simply destroying the data. Say, by physically accessing the computer on which the data is stored, and setting it on fire. Or by physically crushing it. Don’t underestimate human malice… But if you put in place proper security measures, you reduce the probability of these things.
5. Back up the data regularly.
This way, you can be sure that even if the data is lost in some way, there is the back-up to rely on. It would be even more prudent if the back-up is off-site. That way, even if something happens on-site, you’d have the off-site backup to fall back on.
6. Make employees know that you take business data seriously.
This is something you should do during employee orientation sessions. And it is also something you should do on an ongoing basis. You need to make it abundantly clear that business data is an important resource. One that you don’t mess around with. Remember, your business’ employees will be important allies, in your effort to protect business data.
7. Train the employees on how to protect business data.
You should have tutorials where you train the employees on data security. You should ensure that the employees are reminded about data security during ‘refresher’ courses. As we have already noted, the employees are important allies in your effort to protect business data. Without their help, you may not be successful in protecting business data.
8. Make an effort to hire employees with good characters.
Here, you need to avoid hiring the sorts of people who would be inclined to steal your business data. And maybe sell it to your competitors. Or the sorts of people who would allow malware to infiltrate your business’ computer systems. So it becomes necessary to assess people carefully, before hiring them. This may be yet another reason for you to carry out background checks, before hiring. Especially when it comes to employees who will be handling sensitive business data.
9. Set up proper authentication measures for your computer systems.
You need to have a system where people have to log in, before accessing any sensitive business data. For the most critical data, two-factor authentication may help a great deal. You could even go as far as having biometric login systems. All depends on the sensitivity of the data you are protecting. With proper authentication measures, users of your business’ computer systems have a deterrent. They know that there will be records of whatever they do on the systems. And an outsider trying to infiltrate your system would have a harder time. He would first have to go round the authentication protocol. Going round a proper authentication system is too much work. The intruder may give up in the process. Or he may be detected in the process. Either way, it would serve to enhance the security of your business data.
10. Use reputable data-related service providers.
Here, for instance, we are looking at reputable cloud storage service providers. That is, in case you are using cloud storage. And reputable web hosting service providers. That is if, for instance, you have your business databases online. And, at another level, reputable vendors of computer hardware too. You know, the sorts of people who won’t introduce backdoors in their systems. Backdoors that can be subsequently used to steal business data… All in all, it makes a lot of sense to work with reputable data-related vendors. Your business data would be securer that way.