Data breaches cost businesses many millions of pounds every year...
1. Employee access
It is essential to put limits on employee access to client information. Computers and servers with password protection will ensure this, but remember to change passwords and access rights when members of staff leave your company - particularly if you store data in the cloud. This will make sure any disgruntled ex-employees cannot access, steal or delete your clients' private data. Make sure passwords are obscure enough that they cannot be guessed, incorporating symbols and numbers. As well as company policies for collecting, storing and using sensitive data, you should also have policies in place for purging outdated or old information.
2. Security software
You can never have too much security protection; hackers are constantly on the search for easy targets and are finding new ways of accessing information. If you have multi-layered security software in place, it will be much harder and more time-consuming for them to reach sensitive data. Firewalls and anti-virus protection on all devices used by your firm will help with this. You should also employ encryption protocols to make it difficult for them to view the data if they do breach your security - by scrambling the information, encryption software is able to make sensitive data unreadable to anybody without the decryption password.
According to virus experts, more than 200,000 new malicious programs are detected and blocked by their software every day. This gives an idea of the fast-moving nature of malware. Although it can be time consuming, it's imperative that not only security software, but also operating systems, are updated regularly to protect against the most recent malware. This goes for all devices - desktops, laptops, tablets and smartphones.
4. Remote wiping
Firms are moving towards using mobile devices as part of their daily activities, and this presents a new range of risks. Having a laptop stolen or leaving a tablet on public transport could see sensitive client data fall in the wrong hands. Remote wiping software can delete this data and potentially stop this issue. Apple offer users a remote wipe function as standard (provided devices are signed up to iCloud) and Google offer a similar solution via the Google Apps Device Policy app.
5. Choose a reliable cloud provider
If you store much of your client's data on the cloud, make sure you choose a reputable and secure solution. Google and Apple both offer leading security for their cloud solutions, and you can purchase more storage when necessary. If you would prefer to keep your data on your own private servers, choose a well known hosting provider or, if you have the budget to do so, consider hiring an IT consultant who can provide you with some options.
© 2017. All copyright is owned by Professional Indemnity Insurance Brokers Ltd. This guide is intended for information purposes only. It is not and does not purport to be legal advice. Whilst all care has been taken to ensure the accuracy of the information it is not to be regarded as a substitute for specific advice. This guidance note shall not be reproduced in any form without our prior permission.