Protecting Small Business Data – Six Steps
by David Zimmerman, CEO of LC Technology International
Even the smallest of businesses relies on data. Whether it’s detailed schematics on a product, a formulation for a new medicine, or a list of customers, data is invaluable. Protecting this information is vital for the success of any small business, but unfortunately data security is often an afterthought.
Here are six best practices companies can take to safeguard data:
1. Create and follow a plan.
Small business owners and their staff members often “wear many hats.” There’s a lot of jobs to be done, and everyone needs to pitch in. This approach helps staff to learn the business and it drives growth, but it’s too informal for data management. Managers and business owners should work together to create formal written plans that detail what information is available, how it’s held, and how it should be stored. Responsibility for every part of the “data journey” should be clear, so staff members understand their role in keeping data safe and using it properly. A detailed plan is also useful for onboarding new hires, as it provides staff with best practices and reinforces the importance of data management.
2. Centralize the data.
After determining the various data sources that are available and should be retained, such as sales information, email responses, and web traffic, then it’s time to gather and store the data. Businesses need a centralized location for the data to reduce the chances of mismanagement. It’s also essential for uncovering insights, as the data should be combined so that analytics tools can find correlations and context that might have previously remain hidden.
3. Backup – and then backup again.
Cloud storage costs continue to plummet as their underlying security improves. Small businesses should not hesitate to use the cloud to hold information, with the public cloud available for non-sensitive data and private clouds for perhaps customer data. Create multiple layers of backups with physical hard drives and cloud services mixed together. Physical storage is useful when internet service is not functioning and provides insurance in case a cloud data center experiences a failure or breach.
4. Maintain compliance.
Target, Yahoo!, PlayStation, and DropBox are just some of the companies that took a major branding hit after data breaches. While these incidents are damaging, they are buffered by the sheer size of the affected companies. A small business does not have billions in capital to help it survive a downturn in business and reputation, so it needs to closely follow the right protocols when it comes to data protection. Small businesses should go beyond the applicable data compliance regulations that govern “personally identifiable information” and other types of data. For example, firms in the healthcare sector must conform to stringent HIPPA guidelines that control how data “moves” between various entities.
5. Manage access and control.
Ideally, the small business will grow quickly and need to expand its staff and product offerings. Expansion means bringing on new employees, and shifting responsibilities for current staff. As employees come on board and prior employees transition to other companies, ensure data access remains secure. Set various levels of access rights to restrict certain staff members from the most sensitive data, but without limiting their ability to do their jobs. Establish monitoring procedures to spot any unauthorized activity, and quickly revoke access to workers that leave the company.
6. Handle devices with care.
Devices such as SD cards and portable hard drives are useful for storing information, but they’re easily exploited and damaged. Establish policies for staff members on the usage of various portable devices. For example, discourage employees from downloading your entire customer prospect list onto a laptop computer. Loss or theft of the laptop means possible exposure of all of that data. Instead, store the information securely in the cloud and access it when needed. Talk to employees about your BYOD policies and explain the security risks involved and ways you can work together to minimize risks.
Small business managers and owners should treat data as a valuable monetary asset that deserves protection and proper management. Firms that follow best practices for data security will benefit from improved analytics opportunities and can greatly lower the risk of a brand-killing data breaches.
David Zimmerman has been in the hardware/software industry for over 30 years, specifically in the data recovery software market for 18 years. During this period, he has been involved in the creation; marketing and support of the earlier drive recovery software products to enter the PC market and successfully marketed them both nationally and internationally. His company LC Technology International makes data recovery products for most of his competitors.
Young Upstarts is a business and technology blog that champions new ideas, innovation and entrepreneurship. It focuses on highlighting young people and small businesses, celebrating their vision and role in changing the world with their ideas, products and services.