Small businesses face unfamiliar challenges as they move into the online marketplace and security gains a new dimension.
The good news is that small business owners are already familiar with passwords, PIN numbers and identification checks, and will understand the perspective presented here, which is supported by UK legislation. While it is easy to feel overwhelmed, once it is understood it becomes second nature.
Know the features of fraudulent activity on the internet and train staff to spot it. This reduces the likelihood of being tricked. Above all, know that anyone could gain malicious access to your systems at any time.
It is important to use professional help to enhance some systems, and to understand what the professional is telling you.
The threat of being conned or hacked is sufficient that most SMEs use anti-virus to ensure information security. No system is ever 100% secure; it is impossible. Some owners believe there is no need for experts because they can do it themselves, or think experts are no guarantee. This is fine, but these people inform us of new events and trends taking place.
The Data Protection Act 1998
The aim is to protect people’s and businesses’ data, but also the businesses and people working with data. It is important that employees and small business owners know the law and are trained to understand what it means. Protecting your business is the first step in protecting others.
The threat spectrum is difficult to defend against. This is another way of saying that the number of attacks is rising, organised crime is more involved, and nation states are adapting technological warfare through the internet. Data security is more sophisticated than ever. Every honest business is in the same boat and wants to do its best.
MCA 1990 sets out the laws governing the use of computers. It can help you design policies, protocols and procedures for using computers and dealing with infringements. It is a duty to do this, not just good practice.
Training based on MCA 1990 and DPA 1998 is advisable.
What does this mean?
Using technical software such as antivirus and predefining settings on operating systems limits the depth of access people can have. Download updates from software manufacturers because they reduce weaknesses in the software.
Furthermore, sending sensitive information outside EU jurisdiction has to be permitted; the recipient must be able to meet the same standards as EU law. Encryption software should be used when sending sensitive material. Making it harder for predators to get what they want is the biggest deterrent to them.
Other Material Demands:
Implement differing levels of access to different areas (security clearances). Store customers’ sensitive details on a separate hard drive, keep it backed up, and keep it off-limits to anyone who has no need for it. Back-ups are best kept off premises and on physical devices, but do use online storage too. Be aware that smartphones and tablets are less secure than often thought. Diligence should be maintained.
Master-keys and Password Rotation
Use different passwords across the system so that no single password acts as an unnecessary master key. Understand what makes a strong password and apply the knowledge. A password rotation system should also be used to lower predictability. Using up-to-date knowledge helps show the business was doing all it could in the event of a breach.
The Data Protection Act 1998 says what is necessary for collecting data. It also tells businesses what to do when data has incorrect records. Having consent and ethical standards is paramount to good data processing. Younger people are well versed in this Act, so it is wise to make sure they are not unduly alarmed by your business. On the other hand, criminals may be able to judge how clued up you are and see gaps in practice as ways into your business IT.
Perhaps the trickiest thing is to balance convenience with good security, because stronger IT security usually reduces convenience. However, there should be no compromise when it comes to the data of customers and clients.
It is important to acknowledge how much IT security matters and to address any concerns, because if it is ignored, you waste time and put innocent people’s data at risk from criminal enterprise. Using professional services really is an investment.
More information can be found here: UK Information Commission