In the first of his Hiscox columns, digital and IT expert Mike Briercliffe examines the impact of Big Data, the Internet of Things and disruptive technology on small businesses…
Tech-savvy or otherwise, it’s important for every small business owner to understand the role of data in their organisation and what they must do to safeguard and secure it. Unstructured data is coming at us thick and fast, and the more of it there is and the less that is done about it, the more difficult it becomes to secure.
In the days of the mini computer, even in the days of the micro-processor server, the data was on a central machine with dumb terminals hanging off it. The data was all in one place.
The first big disruption came during the PC revolution, when data increasingly moved to the desktop – whoever was trying to control it couldn’t because it was being replicated and distributed across a largely uncontrollable network. All the time during that revolution, people like me were trying to recapture the data – not to prevent people from seeing it, but to make sure it was right and it was in sync and it was secure.
The PC revolution gave way to the Cloud revolution, where there’s typically one set of data being shared across a network. This means that data can be updated and seen as updated by all the parties using it. Data wasn’t always resident on individual machines, it was increasingly back on a shared platform.
The industry and its users have spent a heck of a lot of time trying to re-control data – and, to an extent, this recent Cloud disruption helped achieved that. Now onto the scene comes this fast and furious thing called ‘Big Data’.
Social media is such a big component of generating data in modern business that it has become a significant part of what we are now calling ‘Big Data’ (which in my opinion would have been better named “Fast and Big”). This data arrives at a massively fast rate and will be used in most business sectors in the future to build competitive edge – so it’s probably important to us all.
And then, of course, comes the Internet of Things: what you’ve got here is an (as yet) uncontrolled and probably insecure environment on a much bigger scale than anything we’ve seen before: 30 billion connected devices by 2020 is a guide to the scale that this virtual monster may well reach.
What does this mean for small businesses?
The first thing to realise is that in a small business it’s easier to control your data than it is in a large business, because there isn’t quite so much of it. So that’s a good thing. Regardless of the size of the enterprise though, it is important to have a structured approach to data. Particularly so now.
Currently there aren’t enough people who know how to structure and secure data in businesses, or even advisors to tell people how to do it. More to the point: there isn’t the willingness on the part of many small business leaders to spend the time and money to ensure that their data is secure. And that could be a recipe for disaster when it comes to the Internet of Things.
The Internet of Things exists at a domestic level – lights, music, internet – but increasingly so at the ‘supply chain’ level and at the company level.
As an example: You may want to open a gate automatically to let all your employees into the building. In the future this will be done by the Internet of Things: a computer releasing a mechanism at a pre-programmed time. But if somebody’s has hacked your data, the gate won’t open.
This is a very simple example, of course. But if you have a business that is automating itself for competitive reasons, quite rightly, and didn’t have its data in place, or security around its data, at this very simple level things could start to go very wrong.
It needs to be accepted that malicious hackers are lining up to use the Internet of Things as a virtual playground – sometimes out of commercial malice and sometimes just for the fun factor.
So what do you do to put it right?
If you ever thought data integrity wasn’t important then you were wrong. If you think it’s not important now, you’re ten times more wrong. If you’re data isn’t properly protected now then you could be in a lot of trouble going forward.
If you’re in the business of securing data or helping people secure things, you need an ISO Standard called ISO 27001: a badge, which when earned, says: “My data and the processes around my data are secure.”
If you haven’t got a senior member of staff in your business who says, “data control is my problem”, then you haven’t even started.
So, my first piece of advice is this: somebody on the board of directors has to be in charge of data integrity and data control.
Next, that same person needs to ensure that data is at the every least secured and that appropriate precautions are taken so that it can’t be stolen, it can’t be lost, it can’t be given away and it can’t be hacked.
Sometimes hacking and stealing are the same thing, but sometimes people leave laptops and discs on trains.
Once I was asked by a lady, that I already knew to be a civil servant, on a train to look after her computer while she visited the ladies room, and I responded by saying: “Okay, I’ll back it up for you.” She asked me what I meant and then I said: “You see that slot on the side of your machine? If I put this USB stick in there then I can back up everything on your screen right now before you get back to your seat. I’m not going to do that, but you should be careful who you ask to look after such important data.”
The biggest security risk to any business is not the technology itself, it’s the people with access to the technology – with simple carelessness massively exceeding malicious intent.
Whoever’s in charge of data integrity needs to write some baseline rules to the employees with regard to data, starting with ‘don’ts’. For example, “You can’t download data without permission, you can’t take data off the premises without permission, you never share data with non-employees”, and so on.
At the end of the day, if a business has its data secure and structured, and its processes streamlined, then that business is going to be more efficient and more equipped to handle the massive disruptive effects of new technologies like “Big Data” and “The Internet of Things”.