Do you know who has access to the data your customers entrusted to you? Are you absolutely sure you know? Can you be sure your employees are handling this data properly while working with it? Nowadays many online tools and cloud services help simplify in-team data exchange — but simplification of exchange can lead to complication of data protection.
What can go wrong? In a word, everything. Most problems come down to common mistakes: someone sends corporate data to personal e-mail to work from home; an employee uploads data to a file-sharing service to be able to access it while traveling; the team works with an online version of a document that can be accessed from a direct link; cloud services are misconfigured. According to our recent survey, “Growing businesses safely: Cloud adoption vs. security concerns,” 58% of SMBs use various public-cloud-based business applications to work with customers’ data.
Don’t forget about classic pre-cloud-era mistakes, either. Working with data on unprotected personal mobile devices and carrying it on removable media that can be lost or stolen remain popular ways to put customer data at risk. Others include throwing printed copies of that information into the common trash and allowing unauthorized employees to access it.
Potentially, that data can be used by different parties — competitors, disgruntled employees, cybercriminals — to harm you in a variety of ways such as tarnishing your reputation or holding data for ransom.
Keeping and processing your customers’ data safely requires not only robust protection that extends to the cloud, but also certain internal measures. Businesses that operate in Europe and fall under the jurisdiction of the GDPR should already be familiar with these concepts. However, they still need to keep in mind that the information they need to protect is not necessarily limited to “personal data.”
To be sure that the information your clients entrust to you will not fall into the wrong hands, you need to know what data you are working with, which employees have access to it, how it is processed, and how it is disposed of. Get started by:
- Creating a list of assets your employees use;
- Making a list of the online services your organization uses, and analyzing which of them are critical for your business processes;
- Auditing critical services and their settings;
- Setting clear guidelines for which data can be moved to the cloud and which must stay internal;
- Setting guidelines for which data can be accessed by which employees;
- Arranging security awareness training to teach staff how to handle critical data safely;
- Using a reliable security solution.
According to the survey, 26% of SMBs see data protection as their number one business challenge. That means the other 74% probably aren’t paying enough attention to this problem.
Want to learn more about the results of this survey? Download our report, “Growing businesses safely: Cloud adoption vs. security concerns” (PDF).