Protecting your data in the New Year

Protect and backup data to ensure your business doesn't experience downtime in the new year.

As we approach a new year, it’s a good time to take stock of your company’s data protection practices. We’re all familiar with the dangers that hackers present. However, there are other threats to data that we must be aware of as well, some caused by the ways we protect (or don’t protect) data within our own organization. Consider all the personal data that resides within your company infrastructure: potentially sensitive information about employees, including their Social Security numbers, client information (such as credit cards on file), and of course your own company data. No one wants any information like that falling into the wrong hands. With that in mind, we offer a few steps you can take to exercise greater control over your data and protect your privacy.

  1. Begin with a “data discovery.” Create an inventory of what sensitive data exists within your company. This could include customer files and credit information, employee data such as home address, salaries, Social Security numbers, and of course the financials for your company. The data stored at companies varies widely by profession. The medical industry, for example, may have greater levels of data requiring protection. Similarly, a CPA firm or financial institution also may have significantly more sensitive information stored within its infrastructure than, for example, a solopreneur remodeling company. Some industries – medical and financial in particular – also have compliance regulations regarding storage and protection of this information. The first step in securing data is having a complete knowledge of what data you have.
  2. Evaluate and strengthen your company policies regarding the storage of sensitive data. Do you have a strong “chain of custody” as to whom within your organization has access to your sensitive data? The fewer the better. This applies to electronic data of course, but don’t forget the “paper trail” that could also exist within your organization.
  3. We all think of data being hacked or compromised electronically, which is often the case. What are your procedures regarding sensitive information stored on thumb drives, for example, or paperwork? Do these ever get left casually on the top of an employee’s desk, where anyone could have access to them? Sensitive data should be kept under lock and key.
  4. When you are finished with sensitive data that you no longer need, dispose of it – safely and securely. With paper products, shredding is the best way to assure that the information cannot be compromised. Either use an in-office shredder or partner with a trusted firm that will destroy the paper products. The same holds true for flash or thumb drives.
  5. Be certain that, when you upgrade computers – desk units or laptops – that the hard drives for these units being retired are overwritten or shredded. A great deal of sensitive information can reside within the hard drive of every computer.
  6. If you do not have a security system with cameras in place, it is worth doing so.
  7. When it comes to the transmission of electronic data, particularly referring to sensitive information sent via email, encrypt it. That will provide another level of protection for your company and your data.
  8. Many times we will share information in the course of our business day. Be careful, in your use of online services, not to “overshare.” Evaluate the platforms where materials are shared, and determine if they are secure. Sensitive information shouldn’t be shared on a platform where others can access it, such as Google Docs.
  9. Be wary of public networks. It’s tempting, if you have an hour between meetings, to stop at some coffee shop advertising free Wifi and log onto their network. Remember, though, public networks carry the risk that others can see your information. One measure to safeguard in those and other situations is to install a VPN, or Virtual Private Network, which provides a level of protection. There are a number of VPN options available and you can learn about them ideally through a trusted IT partner. Another alternative to public Wi-Fi is to use the “personal hotspot” option on your smartphone.
  10. For both business and personal considerations, examine and review your account privacy settings on your social media accounts, such as LinkedIn, Twitter, Instagram, and Facebook. You have options in each of those platforms as to who can see what you post.
  11. In general, keep your email and phone number private. Or at the very least, create an alternate email, whether that’s a Gmail account, yahoo, or one of the others, that is not your main email address.
  12. There are tools available to help prevent you from being “tracked” when you visit a website. Most browsers keep a history of sites you have visited, and marketers will use the information to target you. There are software programs that can mask that history and spare you unwanted outreach.

This is a good starting point for securing and protecting data. In future blogs, we may discuss additional suggestions. In the meantime, though, if you have any questions or concerns regarding data protection, please contact us,

Happy New Year!