Taking basic steps to ensure your IT system is secure is essential. We all know the importance of having a firewall and a data backup system, but it's easy to slip up elsewhere and leave your firm exposed. Make sure you aren't making any of these common mistakes with your IT security.
1. Failing to test your backups
It's a nightmare scenario: your server has crashed, taking vital data with it. And when you reach for your backups, you find the files are corrupted.
"Businesses rarely check that they can restore data from their backup copy," confirms Trevor Wood, consultant for Network Midlands. "For example, one of our clients had been backing things up religiously, but when they needed to restore the files, they found they hadn't been saved properly."
If you back up manually, the failure is most likely due to human error. You are bound to forget or be too busy at some point. Consider switching to an automatic cloud backup system which will copy your files to a server on the internet.
If you're taking regular data backups, test them periodically. "At the very least spot check: make sure you can recover the odd file here and there," advises Trevor.
"It's a good idea to try doing a full restore, too ― use your backups to recover all your software and data onto another computer to make sure it looks the way it should. A good IT supplier should be able to help with that."
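The spot check and the full restore test described above can both be automated by comparing file hashes. The script below is an added example, not part of the original article; the function names and the idea of restoring into a separate folder for comparison are assumptions made for illustration.

```python
import hashlib
import random
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_restore(original_dir, restored_dir, sample_size=None, seed=None):
    """Compare restored files with the originals they were backed up from.

    sample_size=None checks every file (full restore test); an integer
    checks that many randomly chosen files (spot check).
    Returns a list of (relative_path, problem) tuples; empty means no problems.
    """
    original_dir, restored_dir = Path(original_dir), Path(restored_dir)
    files = sorted(p.relative_to(original_dir)
                   for p in original_dir.rglob("*") if p.is_file())
    if sample_size is not None and sample_size < len(files):
        files = random.Random(seed).sample(files, sample_size)
    problems = []
    for rel in files:
        original, restored = original_dir / rel, restored_dir / rel
        if not restored.is_file():
            problems.append((rel.as_posix(), "missing from restore"))
        elif restored.stat().st_size == 0 and original.stat().st_size > 0:
            problems.append((rel.as_posix(), "restored file is empty"))
        elif sha256_of(restored) != sha256_of(original):
            problems.append((rel.as_posix(), "contents differ"))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_restore.py <original_dir> <restored_dir> [sample_size]
    size = int(sys.argv[3]) if len(sys.argv) > 3 else None
    issues = check_restore(sys.argv[1], sys.argv[2], size)
    for rel, problem in issues:
        print(f"{rel}: {problem}")
    sys.exit(1 if issues else 0)
```

Files edited since the backup was taken will be reported as differing, so run the check straight after a backup or against a folder that has not changed.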
2. Not protecting mobile data
From smart phones to laptops and mobile devices, greater use of mobile technology means you may be carrying a lot of valuable data when you're out and about.
The obvious precautions are not always adequate. "Most people have a password on their laptop, but if I stole a laptop I could use a screwdriver to remove the hard drive then plug it into another computer to get the data off," warns Trevor.
Use encryption to scramble your files so nobody can read them, even if they pull the hard drive out of your laptop. "Some versions of Windows offer encryption, or you can get free software, like TrueCrypt," advises Trevor.
You should also minimise the amount of data you keep on mobile devices. "Access the files you need through Wi-Fi or a mobile connection," suggests Rob Franklin, director of JPT Solutions. "That way they won't be stored permanently on your laptop or mobile phone at all."
Consider using mobile device management software too. It will allow you to wipe the data on your mobile devices if they get into the wrong hands or are lost.
3. Choosing the wrong cloud computing service
Cloud computing is a way of using the internet to store data and carry out tasks that you would otherwise do with your own computer. Many businesses are moving to the cloud, attracted by its low upfront costs and inherent flexibility.
However, if you use cloud computing services that run on servers outside the European Economic Area (EEA) to store personal data ― such as the names and addresses of customers or employees ― you need to ensure you comply with data protection rules.
Under European law, companies may transfer personal data to such countries only when an adequate level of protection is provided. "A number of services are based overseas," points out Trevor. "Although they are secure, legally you may not be allowed to use them to store some kinds of data."
Ask providers where their servers are located. "Get them to put in writing that they store your data in the EEA," advises Trevor.
In practice, many cloud computing services outside the EEA operate from servers in the USA. If this is the case, make sure the provider is signed up to the EU-US Privacy Shield. This guarantees that they meet European Commission requirements.
If your cloud computing service is based in another part of the world, it's wise to seek advice from the Information Commissioner's Office (ICO) before proceeding.
"Businesses which transfer data overseas need to be sure it's as secure as it would be on their own premises," warns an ICO spokesman. "But we'd only prosecute if it became evident that the business was not compliant with the DPA ― so didn't have a contract in place, and hadn't carried out checks to ensure that the cloud service provider had adequate security."
4. Letting employees walk off with your data
"Most businesses take steps to secure their physical assets ― they lock the door, set the alarm, and so on," offers Rob. "But often those same businesses won't secure their data.
"They'll allow password sharing and they'll let people copy data to mobile devices and USB sticks, so employees can walk out of the business with the whole client database, and then take that to a competitor."
"You can restrict the use of external storage devices by using software like Trend Worry-Free Business Security," explains Rob.
"You need to decide which employees should be allowed to save data to mobile devices at work," he adds. "If other employees need to save data, they need to ask permission."
5. Ignoring software updates
'Updates are available for your software.' It's a frustrating message that invariably appears when you're rushing to hit a deadline. However, failing to act on it can be dangerous.
"Some updates provide significant performance and security enhancements," confirms Rob. "When people don't take these messages seriously, it can lead to problems, especially if the updates are to antivirus software or other security programs."
If you only have a few computers in your business, you can install updates onto each manually. Alternatively, ask your IT supplier to set up a centralised update system, to roll out software updates soon after they are released.
"The latest version of Windows forces you to install updates when you shut down," closes Rob. "It can be annoying if you're in a hurry to leave the office, but at least it means you know the updates get done."
Top tips on using gadgets at work
- Beware free Wi-Fi ― ensure you keep business information safe when using wireless networks outside the office. Educate staff on the dangers of Wi-Fi hotspots at airports and in cafés, which can be a breeding ground for malware.
- Secure mobile devices ― make sure your device is both password protected and encrypted.
- Save passwords carefully ― don't save security PIN numbers or banking information on mobile phones or the desktop of your laptop. If they are lost or stolen, you are making it easy for your identity to be exploited.