
Blog posts tagged data protection

Information is the lifeblood of business, so why don't small companies protect it?

February 02, 2012 by Roger Keenan

Laptop on fire – are you backed up?

Information is the lifeblood of a business. Without it, everything else you need to make a business tick – like sales, customers or profit – stalls permanently. So making that information easily accessible is vital.

As it’s so important, you’d expect the information to be easily available to the people who need it, and protected from those who don’t. However, the reality is different: at last year’s IP Expo, 60% of people surveyed by my company City Lifeline said they had lost access to their company’s IT system following an unexpected incident. Oops.

In 40% of these cases systems were down for six hours or more, bringing the business to a halt for an entire working day. Just think of all the things your business uses IT for in just one day. Imagine not being able to access your email, check customer documents or view essential data.

Losing access to your data hurts your pocket too. Symantec’s 2011 SMB Disaster Preparedness Survey found that losing access to data and electronic communication systems costs small companies an average of £7,500 a day in lost business and productivity.

Prepare for the very worst

Unplanned downtime can stem from something as innocent as a workman cutting through a power cable or as sinister as a malicious cyber attack. Whatever the cause, they all have one thing in common: the element of surprise.

The best business owners not only prepare for the things that are going to happen, but also for things that could happen. “I didn’t know it was going to happen,” is not much of an excuse when faced with an angry customer or an office full of staff who can’t get their work done.

If your business’s information is adequately backed up, the chances are good that your IT systems will be working by the end of the day. But if not, the consequences can be disastrous. In a worst-case scenario the lost data can never be recovered, and neither can the business.

Some research suggests up to 70% of small businesses that lose data in a major incident are forced to shut within a year. Yet the Symantec report mentioned above also shows that less than half of smaller businesses bother to back up data every week. A mere 23% take daily backups.

Risks are part of business, but...

Taking the odd risk is part and parcel of being in business, but risking the safety of your information is equivalent to cutting off your oxygen supply. Huge corporations often have the money, expertise and resources to escape from a tricky IT gaffe. Quite often, smaller businesses do not.

This vulnerability makes investing in off-site data backup vital. It only takes a one-off incident to disable access to your IT systems. And it only takes one major incident to cripple your business forever.

If you lack the time and resources to create a backup strategy from scratch, it may be worth working with an IT supplier which can store your data securely in a different location. Some suppliers operate or have space in colocation data centres, highly secure buildings specifically designed to keep your information safe. (The company I work for, City Lifeline, offers colocation services.)

Do your business justice by investing in your information in the same way you would invest in a new computer or member of staff. Your information is key to your company’s viability, so return the favour and look after it just as well.

Roger Keenan is MD of City Lifeline.

Cloud computing legal dos and don'ts

August 02, 2011 by Maria Anassutzi


Justice in the clouds? (Image: Ariaski on Flickr.)

When businesses use cloud computing, it often means they don't need to buy or install software, or run their own servers. The benefits can be compelling, but cloud computing also presents some interesting legal issues.

Contracts, data protection and copyright

Because cloud computing services involve storing data outside your business, usually on servers operated by another company, there are some contractual, data protection and copyright issues to be aware of:

  • The risk of concluding contracts inadvertently. For example, if one of your employees signs up to a cloud-computing service using a computer at work for a purpose related to their employment, then your company could be bound by the terms of that cloud computing service - even if the employee acted without consulting anyone.
  • The risk of data protection compliance. If your employees input personal data held by your business into the cloud, your company must comply with its data protection obligations - including those relating to the transfer of data.
  • The risk of intellectual property infringement. Your business could be liable if staff post defamatory or copyright-infringing content into the public areas of cloud-computing services. Appropriate policies, procedures and training must be given to employees.

Licensing and software use

A software licence is the set of terms and conditions you agree to before you start using a piece of software or a cloud computing service. Software licensing can be confusing at the best of times, and there are some specific things to remember when you're choosing and using cloud computing services:

  • You must have appropriate licences. Some cloud computing services are only licensed to be used at certain computers. So if any of your staff use them at computers without a licence, they commit copyright infringement.
     
    Also, licence terms can be narrow and may limit you to using the service only for your company's own purposes - so check your sub-contractors and business partners can use it too, if they need to.
  • Using open source software. Many cloud computing services are built on open source software. However, some open source software requires software based upon it to be distributed under the same terms - i.e. made freely available. This could have consequences for your business, if you want to retain the software just for your use.
  • Intellectual property indemnity. A cloud computing operator may not always own the intellectual property rights in the software used by their service. If that's the case, that operator has to sub-license the software to its customers, or arrange a direct licence between its customers and the relevant software company. Check this has been taken care of, or your business could be liable for using unlicensed software.

International implications

It can be hard to tell where cloud computing services actually operate from. Even those that price their services in pounds may be based outside the UK. And if you are dealing with a UK company, they may still store your data on servers in other countries.

In most cases this isn't a problem, but it's wise to be aware of the issues that can arise:

  • Unexpected obligations. You need to make sure that foreign law does not result in unexpected and binding non-contractual obligations for your business. For example, in some countries you may have duties of good faith in negotiations which do not exist under English law.
  • What happens if things go wrong? A cloud computing provider based in the EU can be sued in all the jurisdictions in which it provides services to its customers.
     
    But when a cloud computing provider is based outside the EU, it can be harder to enforce court orders against the company. It's usually best if the governing law of the contract is the local law of the cloud computing provider.

This article is for general purposes and guidance only and does not constitute legal or professional advice.

2011: the year of the data breach?

April 08, 2011 by John McGarvey

Shredded paper

Are you taking care of data properly? (Image: Flickr user dawnzy58 under Creative Commons.) 

If the first months of 2011 are anything to go by, this could be the year of the data breach. It almost seems like companies are falling over each other to give away information about their customers.

Here are three high-profile data breaches that have hit the headlines in the last month alone.

While you read about them, think about how many smaller incidents may go unreported or even undetected. Then stop to consider if your business does enough to safeguard its customer data.

1. The Epsilon effect

Epsilon runs huge email marketing operations for clients like Citibank and Marks & Spencer, yet still managed to have millions of customer email addresses stolen when someone got into the company's systems without authorisation.

What we can learn: the information stolen during this breach belonged to Epsilon's clients, many of whom have since warned customers that they may receive more spam as a result.

So, if your business shares data for marketing purposes or joint ventures, make sure you only work with partners you trust, and ask searching questions to find out how they protect the data. Get a strong contract in place that - if possible - places financial liability for data breaches on their shoulders.

2. Don't Play with your data

Hugely-successful Jersey-based online retailer Play.com suffered embarrassment last month when users reported receiving junk email to addresses they'd only ever used on the site. It soon emerged that a company responsible for some of Play.com's marketing communications had suffered a breach.

What we can learn: spotted the pattern yet? Just as with the Epsilon breach, although Play.com customers were affected, the leak actually occurred at another company.

However, Play.com's subsequent customer communications are an exercise in good damage limitation. They apologised quickly, explained what went wrong and described the possible consequences for customers.

3. Losing data the old-fashioned way

York City Council adequately demonstrated that you can lose data without turning to high-tech hackers. All you have to do is print it out and then send it to the wrong place. The council was criticised this week for accidentally posting personal information to a third party.

What we can learn: hard copies can cause problems too, especially when left lying around. If you have to print out sensitive information, grab it from the printer quickly, then keep it somewhere it can't get mixed up with other paperwork. Once you're done with it, shred it.

Don't print your way into trouble

March 11, 2011 by John Sollars

Printer graveyard

The rise of the internet has created a repository of knowledge and services that are accessible from nearly anywhere in the world.

Of course, none of this comes free. So, almost any service you use online will require you to surrender some personal information. The companies who use this data have to protect it at every stage.

If your business stores and processes sensitive data (and let's face it: whether it's your accounts or customer database, most do), are you sure you know all the places it ends up?

What's hiding in your printer?

Did you know that printers and scanners store information sent to them?

They do this for performance reasons; to minimise the amount of data being transferred or to reduce the time it takes to get ready to print.

For instance, imagine you send a print request for ten copies of a document. Your printer will save the document once, then print the additional copies from this memory. This means it doesn't have to receive and process ten individual files.

The same happens when you scan, fax, or utilise pretty much any feature on offer from your reliable office all-in-one device. When you tally the number of print requests you send, the information at risk can soon mount up.

How does this affect your company?

Take a quick guesstimate: how many customer-related documents are sent through your printer each day?

If you’re thinking of a number higher than zero, this issue should be of concern to you whenever you are looking to replace your office hardware.

Disposing of equipment responsibly, paying particular attention to any memory built into it, will protect you from future problems. At Stinkyink.com we crush the memory chips of any printer we discard.

It’s the only way we can guarantee that the 100,000 people on our customer database are fully protected, to the same level we ourselves wish to be.

Did you know your printer memory could hold hidden secrets? Do you know of anyone who has struggled with security issues like this? Are you concerned about misuse of your own information?

John Sollars is MD of Stinkyink.com

(Image of a printer graveyard from Flickr user wonderferret under a Creative Commons Attribution licence.)
