March 10th 2010, Midlands Business News, column by Mike Musson

Data is at the heart of every business, but is your company’s data secure? The implications of data loss are significant; from lost business and damage to your reputation, to fines or even prison

Article

On a basic level, most businesses would struggle to function without access to electronic data; whether it's a contact database, HR, accounts or payroll. Temporary data loss can be costly in terms of operational downtime but permanent loss can be disastrous and even stop the business from trading. Attempting to replicate lost data is at best time-consuming and at worst impossible.

Physical data loss, of which there have been several high profile cases in the media, can also have far reaching consequences.  The press coverage of these incidents has raised public awareness of how lost or stolen data can be used for crimes like identity fraud, so they can seriously damage a company's reputation. 

There are various steps that organisations can take to ensure that data is kept secure.  Nowadays, as the majority of files are kept electronically, an IT backup plan is crucial. Technical failure can take numerous forms: hard drive crashes; natural disasters; human error; theft; virus attack; or power surges. There are various options such as subscribing to an automated online backup service where data is copied and transferred to the provider's servers.  Alternatively, companies can keep a copy of their own files, but this needs to be done regularly, weekly if not daily, with the duplicate storage device kept off-site.  It's also essential to install a company firewall and virus protection on a network and individual laptops.

The growth of home and mobile working means that confidential business data is increasingly being stored on laptops therefore raising the risk of data being exposed to third parties. There are a variety of ways that businesses can address this from setting physical barriers, such as data encryption and enforcing passwords, to establishing strict policies on the use of company data. 

The Data Protection Act means that firms have a legal responsibility to keep personal information about their clients confidential.  Businesses also need to keep financial records for up to seven years.  Failure to meet either of these requirements can result in legal actions. 

Data backup is not always a number one priority when running a business, especially on a limited IT budget.  But with financial figures, competitor information and customer data on your computer system, the potential cost of data loss needs to be addressed and managed effectively to avoid disaster.

The issue of security, as a whole, is one of the focal points of the West Midlands ICT Cluster's strategy.  As such, the Cluster is in the process of setting up a technology group for this area, the first meeting of which will be scheduled for early 2010.