Data security is much in the news these days, with governments losing taxpayers' bank account numbers and social security numbers, retail companies having credit card details stolen by hackers and defence laptops being left in taxis. Every week there seems to be another story about a high-profile data security breach, and for every reported high-profile breach there are probably 100 unreported lower-profile ones.
Andy Grove, CEO and then Chairman of Intel, was famous for his mantra "Only the paranoid survive". So how worried should an ordinary business be about data security? As Really Simple Systems is charged with the security of hundreds of customers' data, here's our advice on how to put it all in perspective.
If you lost your customer data, your business would be severely affected, with billing, delivery and selling to prospective customers suffering. Companies have been known to go bankrupt through running out of cash because they couldn't raise invoices after a data loss. The standard way to protect against this is to have a well thought out and tested backup policy. However, many people who have suffered data loss and thought that they were protected found that when they went to restore their backups the system had failed - the tapes were blank, or corrupted, or not all the data had been backed up, or the application that read the data could not be restored. The only way to make sure that your backup procedure is working is to restore the backups to a duplicate system and make sure the whole application works. Don't delete your live data and then try a restore: if it fails you have lost the only copy there ever was!
If your data fell into the hands of your competitors, criminals or the press, how damaging would that be? Well, it depends on what your data is. If you hold credit card details, or details of defence contracts, or are Boeing and details of your commercial negotiations fall into the hands of Airbus, then it would be very damaging indeed. We'd like to think that the Really Simple Systems customer list is valuable, but the reality is that the value to a competitor is limited: we have no great commercial secrets, most of our customers and prospects know who our competitors are anyway and would be talking to them if they wanted to, and much of what we do (customer list, pricing) is in the public domain. It could well be that the news that you have lost data would be more damaging than the actual loss of data itself.
Although hacking does happen, especially for credit card and banking details, most data theft originates from within an organisation, with sales staff taking data to their next employer, disaffected IT staff tampering with data or employees being bribed by competitors or criminals. The best way to protect yourself from this is to restrict staff access to data, and not to keep too many copies lying around.
You can set applications up to limit staff access to only certain records, and in some cases to be able to see data on the screen but not download it (Really Simple Systems allows this). Unfortunately it is impossible to protect data from IT staff: by the nature of their job they have access, and even if they don't, it is much easier to hack from inside the firewall than outside. If you can, try to restrict password access to only the most senior IT staff - but make sure another senior manager knows them in case that person gets run over by the proverbial bus.
It is easy for staff to copy data locally and then take it away. It used to be fashionable to seal up floppy disk drives so staff couldn't use them, but USB flash drives have made it difficult to stop copying.
Reminding staff of their legal obligations when they leave helps too, especially when they are signing off their final payslip.
Don't keep credit card details, access passwords and other confidential information in a general system. Keep such data in a separate, much more secure, system.
If the data is sensitive, disguise the data with code names. It is common practice with merchant banks and legal firms to disguise their clients' names, "just in case".
The more copies of the data you have, the greater the chance that data will leak. If possible, don't keep copies of important data locally on laptops; keep it on a server and access the server from the laptop.
If you need to send confidential data, don't just burn it on a CD and mail it. Firstly, send only the minimum quantity of data: don't send unnecessary fields and details that aren't needed. Secondly, encrypt the data and give the password to the recipient using a different communication medium to that used for sending the actual data, i.e. if you email the data, call the recipient and give them the password verbally. Finally, don't use mail or a courier to send a CD; email or (better) ftp the data over a secure connection.
In a variation of data loss, some of your data can be corrupted but the corruption is not noticed for some time. Then the dilemma is how to tell what records have been corrupted, for how long and whether to restore the system from an old backup and then try to apply all the intervening updates, or to try and identify the corrupted records and just restore them from a backup. Again, the only way to minimise the damage is by taking regular backups and archiving them on a daily or weekly basis (like we do).
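One way to answer "which records, and for how long" from daily archives is sketched below. It is an added example, not Really Simple Systems code: the function names, record ids and snapshot data are constructed for illustration, and it assumes you can name one archive date you still trust. Legitimate updates show up in the report too, so each flagged record still needs checking against what staff actually changed.

```python
import hashlib
import json


def record_digest(record):
    """SHA-256 over a canonical JSON form, so field order does not matter."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def manifest(snapshot):
    """Map record id -> digest; a missing record simply has no entry."""
    return {rid: record_digest(rec) for rid, rec in snapshot.items()}


def find_divergence(archives, known_good, live):
    """Report records whose live copy differs from the trusted archive.

    archives: {ISO date: snapshot}; known_good: date of the last trusted
    archive; live: current snapshot. Returns
    {record id: (first point where it differed, last point still matching)}.
    """
    baseline = manifest(archives[known_good])
    later = sorted(d for d in archives if d > known_good)
    points = [(d, manifest(archives[d])) for d in later]
    points.append(("live", manifest(live)))
    report = {}
    for rid in sorted(set(baseline) | set(points[-1][1])):
        if points[-1][1].get(rid) == baseline.get(rid):
            continue  # live copy still matches the trusted copy
        last_match = known_good
        for label, digests in points:
            if digests.get(rid) != baseline.get(rid):
                report[rid] = (label, last_match)  # restore from last_match
                break
            last_match = label
    return report


# Constructed sample data: three daily archives and the live system.
ACME = {"name": "Acme Ltd", "owes": "120.00"}
BIRCH = {"name": "Birch & Co", "owes": "75.50"}
BIRCH_BLANKED = {"name": "Birch & Co", "owes": ""}  # silently corrupted
COLE = {"name": "Cole plc", "owes": "0.00"}
ARCHIVES = {
    "2024-03-01": {"C001": ACME, "C002": BIRCH, "C003": COLE},
    "2024-03-02": {"C001": ACME, "C002": BIRCH_BLANKED, "C003": COLE},
    "2024-03-03": {"C001": ACME, "C002": BIRCH_BLANKED},  # C003 vanished
}
LIVE = {"C001": {"name": "Acme Ltd", "owes": "95.00"}, "C002": BIRCH_BLANKED}

if __name__ == "__main__":
    for rid, (first, restore) in find_divergence(ARCHIVES, "2024-03-01", LIVE).items():
        print(f"{rid}: first differs at {first}; last matching copy in {restore}")
```

The second value in each pair is the archive to restore that single record from, which supports restoring only the damaged records rather than rolling the whole system back.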
Additional factors when considering data on hosted systems are: who is the legal owner of the data (Really Simple Systems holds each customer's data in a distinct database, and specifies legal ownership as vesting in the customer); compliance with EC Data Directives (it is illegal to hold data on EC citizens outside of the EC without their permission). Many people are concerned about letting a third party host their data but having read the above you may believe that your data would be safer hosted within a secure application, on servers well away from your own staff, and backed up professionally.
For more information about Really Simple Systems Hosted CRM, click here.

After three years of stellar growth Really Simple Systems is now the largest UK vendor of hosted CRM systems, with over 600 users across every sector from finance to government.
Really Simple Systems now has an office in Sydney to service our customers in Australia, New Zealand and Singapore. More details here.
Help a friend or colleague, point them our way and we’ll send you a couple of bottles of our favourite Hunter Sauvignon Blanc from New Zealand for your trouble.
With over 600 users, Really Simple Systems is now the largest UK provider of online CRM. Really Simple Systems offers straightforward, easy to use hosted CRM systems to companies of all sizes. Find out more about how simple CRM can be by clicking here.