
Data Protection is Common Sense

Robert May, Managing Director at IT solutions consultancy ramsac, says that with the holiday season finally here and numerous events and activities going on, the summer is a time of multiple distractions and this is particularly evident with this year’s World Cup.

“It is very easy to give less consideration to the more mundane but crucial business matters. Without giving too many football puns, it would be very easy to take your eye off the ball with regards to essential, but less visible concerns, such as the perennial consideration of data protection. However, the penalties, be they legal, reputational or relational, can be far reaching and potentially ruinous, particularly with the UK and worldwide economy looking to get back on its feet against significant odds.

The Data Protection Act 1998 sets out robust legislation with regards to the security of private sensitive data and gives a wide scope for penalties when organisations fail to meet the criteria. Whilst data protection is especially relevant for professional organisations and businesses, such as law firms or medical establishments, the onus is on all businesses to take appropriate steps and continually monitor the levels of security to maintain Quality Assurance integrity.

The image of data security within the public sector has been somewhat tarnished in recent times with high profile leaks by government bodies being reported in the media, often with the loss of data being from mobile devices that have been misplaced. If nothing else, these events underline the hugely widened scope for the potential compromise of sensitive data through the increasingly mobile proliferation of modern IT networks and data storage.

There are, however, sensible and logical steps that can be taken to physically secure data:

Make sure that passwords are in place to protect sensitive information and that the issuing of such passwords is tightly controlled, with only those that really need it having access to sensitive data.

Limit the amount of data that can be physically copied and removed from designated company sites. This may sound obvious but unless stipulated, many IT networks will not put a physical boundary to employees copying files directly to a mobile device or memory stick. If appropriate, limit the number of physical access points (i.e. USB ports) to the network or instruct the IT manager to amend network settings to manage this.

Where data is legitimately physically removed from the premises on mobile devices (such as laptops, smartphones and memory sticks) make sure that sensitive data files are held in secure, password-protected or encrypted files so that even if they are lost/stolen the data cannot be accessed by unauthorised people.

Naturally the physical removal of data isn’t the only way in which sensitive information can be haemorrhaged – in an age where the Internet dominates business and indeed much of our general lives, it is still a highly potential access portal for skilled ‘cyber criminals’ to infiltrate IT systems with often near-total anonymity. Happily there is a vast choice of Internet Security products which can be used to further safeguard the usual password encryption safeguards which, in much the same way as they do with mobile devices, offer the most obvious and straightforward defence against online threats.

Internet Security software adds a further layer of protection, to combat nefarious ‘spyware’ (software which can be secretly used to spy on details entered by authorised users, such as passwords, to bypass standard security measures) and beef up the protection already offered by good network security, which should already be in place on all organisations’ IT systems.

Protection of data may not be the sexiest business subject, but the consequences of failing to ensure it can be disastrous to your reputation and the company bank balance. With all the numerous IT safeguards available the key is common sense. Data protection has much in common with the protection of any business assets. Keeping the potential for loss to a minimum is as much about good business housekeeping as it is about keeping up with the latest in IT security features. To borrow one more football analogy, it is just as important to stop an own goal as it is to defend against your opponents and you should never be caught off guard.”