We have all heard the saying ‘Do you know what your children are doing tonight?’ and like all people you would say yes, but do you know what your data does at night. Just like parents and their protection of their children, as a business you really need to protect your data and that means all your data. The most common response that I have heard when I ask ‘What are you doing to protect your data?’ is ‘Well, I have antivirus and a spam filter’. While this a piece of the puzzle of protecting your data it a small part of the total puzzle that you really need to put together.
Data protection has two aspects to it, protecting against data loss and protecting against data theft. As unbelievable as this may sound data loss and data theft are in most cases due to employees. In the case of data loss it is generally a mistake but theft is a deliberate act. While it is impossible to completely protect against either scenario, you can take steps to make sure that the impact to your business is minimised as much as possible.
Part of any strategy to protect your data is backups. Here are some simple backup strategies that can go a long way to make sure your data is protected.
Backup your server! Your server should be a central location for all documents, information and services (email, accounting, etc) that your office uses. A business should at least be backing up the server every night. Whether you are backing up to tape or external hard drives, the backups from the night before should be removed from the office every day and returned to the office the next day. At the least you should have a 7 day rotation of backups so you are able to go back and restore from a week before. If you want to be more prudent, you can have a weekly, monthly and yearly rotation. If you use a central email server, this can be backed up at the same time.
In a perfect world, backing up your server would be all you would need to do to protect against data loss but most employees will save important documents and information to their desktops. Also, most small businesses will not have a central email server internally so in most cases email will be saved to the desktop as well. So how do you get around this? Well you can setup the desktop to have the save location set to a location on the server, but this won’t always work. A simple solution is to setup a Scheduled Task on the desktop to run a backup of the common locations where documents are saved i.e. the desktop or the Documents/email folder and have this backup saved to the server. This can then be backed up as part of your server backup routine.
What about laptops I hear you ask. The great aspect of using a Scheduled Task is that they can be setup to run at different times and have some redundancy in them i.e. they can be setup to run the next time the computer is logged in. In saying this, the biggest issue with laptops is the fact that they are portable and therefore easier to steal. To minimise risk of information being retrieved from a laptop that has been stolen, make sure that the user of that laptop has a strong password, one that contains letters and numbers and even special characters and that the person using it does not provide their password details to anyone else.
Data access is another area that you need to look when working on data protection. If there is no reason for someone to have access to certain information, then make sure they don’t. All computer systems come with access levels so make sure you use them correctly. You can setup security down to a file level. When setting up a user on your network, make sure you have a clear understanding of what level of access you want them to have.
Client databases are possibly the most important information that any business has. If you are running a CRM system you may back this up as part of your nightly routine if the system is installed on a server in your office. If it is hosted by your CRM provider, they will have a backup routine that will protect you, but it is always a good idea to see if you can run an export of information that you can store on your servers. But what about protecting against theft of information from the employee that is about to leave. Here are some suggestions to help protect you against CRM theft and data loss:
- Ability to Export Information – Most CRM systems give users the option to export or create reports on client data. Protect yourself by reducing who has access to this feature and in some cases minimise the information that they can see.
- Changing data – There is always a need to update information but not everyone in your office should have access to do this. Reduce your risk exposure by reducing the amount of people that have the ability to add, update or delete information.
- Backup! Backup! Backup! – Backup this information as much as you can. I cannot put enough emphasis on a good backup routine.
While both of these will go a long way to helping you protect your data, another step that will minimise the accidental loss of data is employee education. I find that most companies do not put enough emphasis on the importance and potential disasters by staff actions. If you educate your staff on these matters, it will make them appreciate more their actions and the potential issues they can cause.
As with all aspects of your business, a thorough analysis of your requirements is needed before you undertake any of these tasks. Determine how long you can be without something, what it would mean to you if you lost it completely and how valuable the information would be to someone else. Once you have determined these, you will realise how important that data is to your business and exactly what your requirements will be for all of your data. A little forethought now will save you a big headache in the future!