Keeping Your Data Safe

3. Data Storage

The way you store your data is key to keeping it safe.

Some storage methods are more secure than others, so you should think about where you keep your most important business data.

3.1 Storing data centrally is generally most secure.

• You should consider storing your mission critical data on a central server.
• Having data in only a single place reduces the risk of theft.For instance, the risk of data being stolen is reduced because it is not stored on employee laptops.
• However, having data in one place means there is a single point of failure.If your server breaks, your data could be inaccessible.
• To guard against this, consider mirroring the information elsewhere.Your IT supplier can help with this. Always keep backups (see 5).
• You will need to provide a secure way for employees to access the data (see 4).

3.2 In general, the risk of data loss increases the more places the data is kept.

• Discourage employees from saving important data on their own computers.A single laptop theft or virus infection could be disastrous.
• Instead, provide each employee with a personal area on your server.

3.3 Be particularly aware of the risks posed by removable media.

• It is easy to lose a CD or memory stick.
• Instead of burning data to a CD and posting it, you can securely transfer data across the Internet.Ask your IT supplier or web host to set this up for you.
• A disgruntled employee could transfer your entire customer database to a memory stick in seconds.You can disable the USB ports on your computers to make this impossible.

3.4 Wherever your data is stored, always take some key precautions to protect it.

• If data is kept on a system connected to the Internet, use both software and hardware firewalls to keep out hackers.
• Look for software products with Common Criteria Certification, which proves they have been rigorously tested for vulnerability to hackers.
• Back up your data regularly (see 5).
• Install up-to-date security software on all your computers and servers and scan regularly for viruses.
• Consider using encryption to protect your most important information.This scrambles the stored data, and is much more secure than simple password protection. Recent versions of Windows have encryption built in.
• Remember physical security.Keep your servers in a secure room and use locks to keep laptops and desktop PCs secure.
• Consider disposal carefully.Data stored on the hard drive of the printer has to be erased before the device leaves the office for disposal and recycling.