Last month the world celebrated Data Privacy Day (28 January). Missed it? In case you did, it’s an annual event highlighting the importance of data protection to individuals, consumers and businesses. And with Sony’s £250,000 fine following the loss of personal details from Playstation gamers still fresh in the mind, the overall message from Data Privacy Day that the ‘protection of privacy and data is everyone’s priority’, should be high on the agenda for every business.
A couple of years ago, Google’s CEO, Eric Schmidt, said: ‘Every two days we create as much information as we did from the dawn of civilization up until 2003. That’s something like five exabytes of data.’ Exabytes? That’s a billion gigabytes. Putting that into perspective, the journal Science calculated in 2011 that all the information in the world was equal to 295 exabytes, or 1.2 billion hard drives.
Big numbers but if you boil it down further and think that one gigabyte probably equals 20 filing cabinets of text documents, you can begin to see how even the smallest business has responsibility for huge amounts of information; a smartphone alone for example can hold 32 gigabytes of information.
It’s your data, and your responsibility to keep it safe
The responsibility for all that data held by your business lies with you and it’s important to be aware that there are people who want to fraudulently access that information. Technology company Verizon in their 2012 Data Breach Investigations Report*, investigated more than 800 data breaches and found that the majority – more than two thirds (612) – affected businesses with fewer than 100 employees.
Having recognised that data privacy is a major risk issue for any business, what can be done about it? The first step is to recognise where the vulnerabilities lie.
A data breach could happen as a result of simple mistakes such as:
- losing a laptop, USB or smartphone
- leaving files in a public place
- emailing the wrong person.
Or because of an unfortunate event:
- a theft at the office.
Or from sophisticated attacks:
- a deliberate hack to the network
- card skimming.
The information highway robbers
Your business should then classify the type of information you hold and try to categorise the level of hazard attached to each category. For instance, credit card details are arguably the most valuable data currency for hackers. Next on the ‘must have’ hit list for hackers is personal detail such as health, social security and passport information.
The Information Commissioner’s Office has published A Practical Guide to IT Security with advice for small businesses and amongst its recommendations, advises a ‘layered’ approach to preventing data loss including:
- physical security – protect against break-ins and theft of equipment containing personal data
- anti-virus and anti-malware – should be in place, used regularly, and kept up to date
- intrusion defence – stop breaches happening before they penetrate deep into your network, for example, by using a well configured firewall
- access controls – restrict access to your system to users and sources you trust. Each user must have their own username and password. You need to enforce strong passwords, limit the number of failed login attempts and enforce regular password changes
- employee awareness and training – employees at all levels need to be aware of what their roles and responsibilities are. Train your staff to recognise threats such as phishing emails and other malware.
A breach of personal data can be a major event to businesses of all sizes. Specialist Data Risks insurance is available to help you know when to conduct a forensic investigation, who and how to notify, whether to set up a call centre and how a public relations company can help, as well as covering any damages which might be payable.
The key point to remember is that every day should be Data Privacy Day for your business. You should be continually on the lookout for potential threats and ways to ensure the data your business holds, stays safe.
*Verizon – 2012 Data Breach Investigations Report