In spite of efforts by professional associations and the media to increase awareness concerning the protection of client and business information from intrusion or loss, business professionals are often unable to tackle the problem on their own, or to find adequate resources to combat the ever-escalating risk.
When the risks we face doing business electronically in the 21st century go unheeded, professionals put their businesses and their reputations on the line using poorly supported and unencrypted computers that are vulnerable to theft, loss, attacks and technical failure.
Weighing the risks
The dangers abound from the simplest of everyday sources. According to Google, 325,000 websites contain malware, up from 150,000 a year ago.[1] And from McAfee Labs, in the second quarter of 2009, spam, often loaded with links to malicious sites and program code, jumped 80% from the previous quarter.[2]
Websense, a worldwide leader in internet and email security, reports that 61% of the top 100 sites on the Internet either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.[3]
It is estimated that at least 40% of all computers have had malware,[4] and, according to research firm AMI-Partners, 20% of small businesses say they would experience catastrophic personal and professional consequences from a single data breach.[5]
The frustration and loss of time and revenue if even one of these threats breaks through and stops up a professional's computer are significant.
In her 2008 report to Parliament, Jennifer Stoddart, Canada's Federal Privacy Commissioner, stated "unguarded personal information is just low-hanging fruit for unscrupulous marketers, illegal data brokers and even identity thieves." She goes on later in the report to add "The need for strong private-sector privacy laws has never been more acute."[6]
So we are hearing about it from all angles. The pressure today of running even the smallest enterprise is significant. Beyond the responsibility we have to protect certain information we come into possession of, there is in my mind the even greater need to simply ensure we can continue to run our business in the event of a data loss. It could be something as simple as a defective hard drive, but the consequences are the same. Secure computing is now more than protection from hackers, intrusion and theft of data. It is also about getting up in the morning and knowing you are going to have an uninterrupted, productive day in spite of these growing threats.
As security threats increase, the need for renewed effort and increased measures to protect data rises with them. It will be critical for the greater proportion of the business world, small business, to acknowledge the new elephant in the room: the need to protect their business information from the array of threats they face.
So what is a professional to do?
It's far too complicated to detail exhaustively here what you should be doing every day to ensure you are playing it safe, but three broad steps could be considered a basic checklist for ensuring you are taking a minimum of care and acknowledging that data loss elephant standing over your desk.
First, understand your obligations. If you collect any more information on a customer than you would see on a business card, know that you have a duty of care to protect that information. If you are involved in health care, education or the insurance sector, or have any information on your computer that common sense tells you that you or your client would not want to see published on the Internet, there is now likely legislation or professional regulation that requires you to take definitive measures to properly and securely manage and store that information. PIPEDA (the federal Personal Information Protection and Electronic Documents Act) for all businesses in Canada, IIROC for financial professionals, and the various provincial privacy Acts are examples of this.
Second, secure your computer. Ensure you are enabling some form of encryption, use a sophisticated password, and keep your anti-malware and Windows security patches up to date. Also be sure to secure through encryption any external devices on which you store information. By the way, use a brand-name, high-quality anti-spyware and anti-virus suite. This has clearly become a get-what-you-pay-for proposition. A popular technique cyber-criminals used last year to penetrate systems and steal confidential identity data was to offer their own "free" anti-virus and anti-spyware software for you to load onto your computer, then monitor your system for valuable information and take it from you in their own good time. Talk about the proverbial fox in the henhouse. Microsoft reports that this form of "rogue security software" now infects more than 13 million computers.[7]
Third, back up your information religiously. A good backup, numerous copies deep, is the ultimate failsafe against loss, theft, fire, mechanical failure, human error, viruses, trojans, and malware. Storing off-site in a secure data centre is optimal, and I highly recommend it not just for the larger organization but even for the one-man shop (maybe especially the one-man shop, because they are unlikely to have a second location in which to safely store their backup). Still, any backup is better than no backup. If you insist on doing it yourself, make sure the backup, like your computer, has strong encryption, and that you store it somewhere other than where you keep your computer. There must be nothing more maddening than to have both your computer and your backup stolen or destroyed at the same time. It happens.
On top of all this, occasionally test your backup. Make sure you can call a file of information back to duty the minute you need it, before you actually ever have to. Too many times we have seen professionals test their backup when they desperately needed it, only to find the system was not working properly and the backup data required was unrecoverable. For litigation purposes, or just for being able to electronically recollect what was done, being able to retrieve is the critical "other half" of the backup process you must ensure works well.
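The "back it up, then prove it restores" routine the last two paragraphs describe, as an added example that is not from the article: a small Python 3 script (standard library only) that records a SHA-256 manifest of a folder at backup time, writes a compressed tar archive, and then restores that archive into a scratch directory and compares every file against the manifest. The sample client files, the gzip tar container and the truncation used to simulate a damaged backup are all constructed here for illustration; the article prescribes no particular format, and encrypting the archive is left out because the standard library ships no cipher.

```python
# Added example, not the article's own code. Assumes Python 3 stdlib only;
# the sample files below are constructed for the demonstration.
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large documents need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (path relative to root) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(src: Path, archive: Path) -> dict:
    """Write a gzip-compressed tar of src; return the manifest taken at backup time.
    The manifest is what a later restore is checked against."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname="data")
    return manifest


def _safe_members(tar):
    """Yield only plain files and directories whose paths stay inside the
    restore directory; a backup of ordinary documents needs nothing else."""
    for member in tar.getmembers():
        parts = Path(member.name).parts
        if (member.isfile() or member.isdir()) and ".." not in parts \
                and not Path(member.name).is_absolute():
            yield member


def verify_backup(archive: Path, expected: dict) -> list:
    """Restore the archive into a scratch directory and compare each restored
    file with the manifest. Returns a list of problems; empty means the backup
    comes back exactly as it was taken."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                tar.extractall(scratch, members=_safe_members(tar))
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return [f"archive unreadable: {exc}"]
        restored = build_manifest(Path(scratch) / "data")
        for rel, digest in expected.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"content changed: {rel}")
        for rel in restored.keys() - expected.keys():
            problems.append(f"unexpected file restored: {rel}")
    return problems


def run_demo() -> dict:
    """End-to-end run on constructed data: back up three files, verify the
    restore, then damage the archive (truncate it) and verify again, which is
    the failure the article warns you only discover when it is too late."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "clientfiles"
        (src / "2009").mkdir(parents=True)
        (src / "client_list.csv").write_text("name,phone\nJ. Doe,555-0100\n")
        (src / "2009" / "invoice_0001.txt").write_text("Invoice 0001: consulting\n")
        (src / "2009" / "notes.bin").write_bytes(b"\x00\x01 binary notes \xff")
        archive = Path(tmp) / "backup.tgz"
        manifest = create_backup(src, archive)
        good = verify_backup(archive, manifest)
        # Simulate a damaged backup medium: keep only the first half of the file.
        blob = archive.read_bytes()
        archive.write_bytes(blob[: len(blob) // 2])
        damaged = verify_backup(archive, manifest)
        return {"files": len(manifest), "good": good, "damaged": damaged}


if __name__ == "__main__":
    print(run_demo())  # "good" is empty; "damaged" lists the problem found
```

The point of the manifest is that a restore is judged against what was actually backed up, not against whatever happens to come out of the archive; a backup that silently restores fewer files, or files with different contents, is reported just as loudly as one that cannot be opened at all.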
OK, apologies for all the cloak-and-dagger doom and gloom. The last thing you need is one more thing to worry about. So let me leave you with a more pleasant thought. Properly managed and secured, electronic data is more secure than any locked filing cabinet, desk drawer or office safe ever was. With proper encryption, strong passwords, good file organization and a decent backup, you will have the peace of mind of knowing you are better protected than you ever were before. Time to go and face down that 21st century elephant…