I get it…I TOTALLY get it. Protect your business and personal data. Back it up. Backup the backups. Destroy old documents. Keep your passwords safe and secure. Use strong passwords.
*snore*…I so did NOT want to hear it again. That is, until I read an article from my insurance company (thank you, Hartford and author James O’Brien)…yes, my insurance company.
See…it’s not enough to simply have processes in place, but you need to TEST and EVALUATE those processes on an ongoing basis. Make sure that what you THINK is happening really IS happening. Make sure that you’ve plugged all the potential leaks in the proverbial dyke.
Say what?
As James says ‘How small businesses can lose their data in 5 easy steps’. As Sandy ammends, ‘do NOT be one of them’!
First, we’ll work on the assumption that you actually do make backups of your data. Have you ever tried to RECOVER data from one of those backups? Does the process work? You really aren’t sure that you have a valid backup until you actually try to RECOVER data from a backup. Put a process into place that tests your backup at regular intervals, say once a month. Select a file at random, then restore that file from your backup. Open the file up. Does it work? If so, great. If not, your backup isn’t worth a ‘hill of beans’, as my grandmother used to say.
Second, protect your sensitive company information (virtual and hard-copies) from angry or disgruntled employees. If you let an employee go, make sure that you monitor all movement (physical and virtual) before they have left the premises. “Trim” their access to electronic information. Make sure that they don’t delete important information and/or email themselves sensitive documents.
Third, don’t toss paper documents that contain important or secure information in the trash, or other waste disposal service. I once found carton upon carton of a company’s sales and employee records in the dumpster at my condo complex (this is a similar anecdote to the one shared by James, but I know it first-hand because I found the documents). Clearly, someone was trying to ‘safely’ dispose of the information by removing it from the company premises, but they’d exposed themselves to virtually ANYONE getting a hold of the information. If you have alot of paper to dispose of, have a mobile shredding service come to your place of business and shred it on-site. Personally, I’d want to SEE the shredding actually done, not have the documents hauled away by minimum-wage workers to some other place for disposal. That seems to open one up to exposure again.
Fourth (and I didn’t even think of this one), digital office copiers are computers themselves. You wouldn’t throw away a computer without first thoroughly wiping the drive. Don’t relinquish a leased copier, or ditch an old copier without making sure that it’s memory is wiped.
Fifth, don’t “nuke” your computer or other technology while trying to do simple maintenance…and yes, I HAVE DONE THIS myself, many years ago, but trust me, I learned a VERY valuable lesson. What do I mean? Words like ‘restore’ or ‘reset’ can be easily interchanged…however, in some technology, one will mean ‘go back to factory settings, but keep all my data’. In other technology, it means ‘wipe all my data and return my technology to its original state’. MAKE SURE THAT YOU VERIFY that your data will remain on the device BEFORE you run the process…and just in case, have a good backup (see the first item) before you proceed.
If you’re wondering how I messed this up myself, I was working in the command prompt (the old C: prompt pre-Windows) and I typed (accidentally) ‘del *.*’, then hit return. Basically, this very simple combination of seven keystrokes means DELETE ANYTHING AND EVERYTHING on this computer. There was no ‘are you sure you want to do this’ (this is back in the dark-ages of computing). It simple DID what I told it to do. Most of the time, but not all of the time, systems nowadays say ‘are you sure, are you really, really sure?’ before allowing you to totally wipe out your system and your data, but not always. When in doubt, go to the support section of your hardware or software manufacturer and read the detailed directions – they’ll tell you there.
Bottom line: The world is scary enough with data breaches occurring right and left. Make sure that you’re not contributing additional information!