As the issue of protecting data and dealing with data security breaches takes on an unprecedented importance for small and medium sized enterprises (SMEs), a legal expert is urging companies to assess the sensitivity and importance of their data.

A recent survey by data protection firm Shred-it has revealed that SMEs are putting their businesses at risk - and could also be damaging larger firms they supply services to - by not taking sufficient preventative measures with their data.

Five steps to best practice on protecting data

1. Set up a robust data protection policy
Whatever the size of your business, it is vital that you examine your data and create an appropriately robust data protection policy. Appoint someone to be responsible for information security, communicate the policy clearly to your staff - and encourage data security awareness across the business. Also back up your data regularly.

2. Include mobile device security in the policy
These days many employees hold company data, including contact details, on personal smartphones, tablets and laptops. Protect your business against loss or theft of such devices by making staff aware of how to operate and safeguard their electronic devices off site using password protection. Ensure important confidential data is password protected and/or encrypted on your system and minimise the use of portable devices like memory sticks to store data. Look into using or installing disabling or tracking equipment, where appropriate.

3. Consider using a third party provider for data security
If you appoint an external provider for secure bulk shredding of documents and destruction of old IT hard drives, you are responsible for ensuring they act properly, so always carry out due diligence on their credentials and processes. Ask to see their data security policies, require them to complete detailed questionnaires on how they will carry out their duties, conduct regular site visits to your third party provider and request testimonials from existing clients before you appoint them to do the job. Put in place a contract confirming the data security standards with which they will comply. Include an indemnity in favour of your business to protect against data security breaches. Doing so ensures you can recover your losses, should the provider breach its data security obligations.

4. Protect data against accidental or deliberate data sabotage
Implement adequate systems to protect your IT systems. These include antivirus and anti-spam software, back-up systems and controlled access to sensitive areas of the business by anyone from outside the organisation. You may want to restrict personal use of computers where this may increase the risk of virus infection or spam, and ensure that staff know what they can and cannot do with data they have access to.

5. Have a plan in cases of data security breaches
In cases where data is lost or stolen, the employer is liable for actions of its employees and should respond to any situation quickly and effectively. As the employer being held liable for the breach, your company would also be named in any negative publicity. To guard against this, have employee policies and guidance in place on the use of data. If an employee breaches these policies, the employer may look to discipline or dismiss the employee.

 

By Keeble Hawson, one of the biggest law firms in Leeds, Sheffield and Doncaster, which is at the heart of the business and wider community.

