Just like a good business suit, the strongest data protection is made to measure. Why? Because draft documents, customer information, spreadsheets: every type of data you handle is different.
Depending on its importance to your business, its privacy level, the legal restrictions it’s subject to and whether employees need to access it remotely, you will need different protection measures in place.
If you take a one-size-fits-all approach to data protection, you’ll make your everyday information too difficult to access and leave your sensitive information too open. Learn to tailor your protection, and you can tread the right line between security and access.
Assess the value of your data
The following checklist of questions will help you decide what levels of protection you need in place:
- Is it subject to legislation? The Data Protection Act outlines how you can legally use people’s personal information and it specifies how you need to protect it. Take note of any special cases to make sure you’re not caught out. For instance, when transferring customer information from the EU to the USA you’ll need to form model contract clauses with each of your clients before you can legally transfer the data.
- Is your customers’ privacy at risk? Legality aside, customers who lose personal information due to your poor security are unlikely to stay your customer, particularly when financial information is at stake.
- Do your client contracts depend on it? Some clients protect their data under certain contractual conditions; if that’s the case you need to treat that data with utmost care to both keep your client and avoid legal comeback.
- Is your employees’ privacy at stake? Under the Data Protection Act, it’s also your duty to keep your employees’ data safe. In any case, it’s essential for morale that your employees trust the way your systems handle their personal information.
- Is it business critical? If the information were lost, what would the impact be on your employees’ day-to-day jobs? The bigger the potential disruption, the greater the need for security.
- How often is it accessed? Although ideally all of your data would be placed under the highest protection available, this can inhibit how easily your employees can access it. If your team uses a shared document every day, you need to make sure they aren’t spending half their time trying to access it.
- Where is it accessed from? Your employees might need to access certain data on the go; this requires a different approach to security that keeps it safe in transit.
Tailor your data protection approach
Now that you understand your data a little better, you can work out how to tailor your protection to suit. You can set up:
- Password protection. All of your data should be password protected, meaning your employees have to log in to access the information on your network or via a secure app. For more sensitive data, consider two-factor authentication.
- Information rights management. You should fine-tune the way you allow your employees to access data, depending on the type of data and the reason they need to access it. Sensitive employee information, for instance, should only be viewable by your HR department. Meanwhile, documents that all your employees use but only a few edit should be set to view-only for the majority.
- Remote access. Remote working is great but it opens up other security risks. For instance, criminals can access unsecured Wi-Fi networks and steal information as it’s being sent across the network. Data that is too valuable to lose, and not essential for remote use, shouldn’t be accessible outside of your private network. Any data that is accessible should always be encrypted when in transit and ideally you should have a virtual private network (VPN) that allows employees to access your network securely.
- Mobile access. On-the-go access from phones brings a further layer of security risks. Prepare your data security with our three-part advice and make sure your employees aren’t using rogue apps to access any data, and are instead using company-approved apps, which allow you to retain ownership of the data and implement information rights management.
- Network monitoring. Network monitoring tools allow you to manage, monitor and restrict what data is sent out of the office.
- Version control. Version control software lets you keep track of any changes people make to key documents, and revert to earlier versions if necessary.
At first glance, you might think that data protection is a one-and-done task. But the complexities of regulations and requirements mean a single ‘padlock’ just won’t work in the modern office.
Whatever information you’re handling, if you want to keep it (and your business) safe, you need to take a tailored approach.