Business IT Guide: Keeping laptops & PCs secure
Time and again, press reports write about the dangers of sensitive data going missing. This Business IT Guide takes you through the basic steps to secure data on your laptop and other devices from prying eyes.
A lot of small business data is private and confidential. For example imagine if your customer list or prospect data went missing and ended up with a competitor - your business could suffer a lot of harm.
As well as protecting the physical computer assets that you have such as server PCs and laptops, it is also possible to secure data by using encryption. Scrambling your business data so others can't access it can save your business considerable stress and financial loss. Good passwords can also save your business a lot of time, money and grief.
Basic steps to protect your data
Most small businesses will have a small number of key documents that will need an element of protection. Typically these might include spreadsheets containing customer and prospect lists, contracts and other agreements stored in your word processor. The operating system file security system can protect these documents and setting passwords on each of the individual files prevent them being seen by the casual observer. Most other documents in the business will not need to have any level of additional security.
You may decide to add different types of access such as read-only. This prevents the unauthorised reader making changes to the data but they can still access it to read it. This may be useful for a customer list. Some more advanced small business accountancy packages may have additional security built into the package. Proper use of this security is important to prevent sensitive financial data being read.
Additional data protection steps and the small business
There are lots of tools and gadgets on the market to help you secure your data and most of them are very transparent in their daily use - you will not need to worry about how the data encryption is done. Once the data has been protected, it is very difficult, if not impossible to return it to the original state unless you have a key to unlock it.
Data can be protected by encryption both when it is sitting on your PC and when it is being sent electronically to a partner, customer or supplier. In reality very few small businesses are under threat of their data being read when being sent by email. The biggest problem is someone stealing a PC or laptop or a USB memory stick.
Encryption solutions can cost from nothing through to hundreds of pounds, depending on the scale and type of solution you need for your business.
Here are some suppliers of encryption solutions:
Please note that the Regulation of Investigatory Powers Act part III enacted in October 2007 has implications for businesses and individuals encrypting data, and may require them to hand over their secret encryption key to the authorities. Failing to do so could lead to a five year jail sentence. Further details are available in the Business IT Guide on Data protection law.
Every small business needs to take care that its data remains secure from malware attacks, which can result in data being stolen. For further details on malware, see the Computer viruses and malware guide.
You also need to consider data being stolen by those with legitimate access to the data. For a very small business with one or two trusted employees this may not be a problem, but as you grow in size you may find a disgruntled employee decides to leave with your customer data. This is a very difficult problem to deal with using IT as these people need access to this data to do their jobs. Imposing draconian processes and procedures is really out of the scope of many small businesses as they neither have the time, money or expertise to implement them. Being aware of the problem is often sufficient to deal with minor cases of data theft. Significant losses will need to be dealt with by legal action.
Managing passwords in the small business
Inevitably you will need to secure some data using passwords, but how do you make these easy to use but also resilient?
Here are some tips to help you manage your passwords:
- Minimise the number of passwords your team have to remember
- Try and use good, memorable passwords that combine letters, numbers and symbols
- Force passwords to expire at regular intervals so people have to change them (this protects you against someone learning other people’s passwords before they leave your company)
- Force people to come up with passwords they haven’t used before.
Also make sure your team members are aware of basic password security measures:
- The need to keep passwords private
- The need to change default passwords in software and equipment
- No one should ask people for their password; and they have the right to refuse to provide it
- Do not write passwords down or include them in emails
- Methods to come up with memorable passwords. A good one is to come up with two completely unconnected words connected by a piece of punctuation. For example: train+envelope. Now create a mental picture that features the words you chose; for example a train sticking out of an envelope. You might be surprised how easy this kind of password is to remember.
- Being vigilant for any failures of password discipline.
Free security advice
Whether your business has been affected by crime or you are seeking preventative measures against crime, the Business Crime Reduction Centre can help. They can be reached by emailing info@bcrc-uk.org (BCRC) or calling: 0114 275 1283.
What next?
Your local Business Link will have more information on security advisers and IT consultants in your area.
Source: Keeping Laptops & PCs Safe and Secure
The Business IT Guide enables businesses to make the right IT decisions.
![Business IT Guide](/files/siftmedia-accountingweb_images/businessitguide.jpg")
