Why we changed this site: Click here to find out why the website changed.

Close
Created by e-skills uk

e-skills UK Guide

Securing computer data

Understanding the key principles of IT security

The security of IT systems is a necessary evil for many small businesses as it does take an amount of time and effort which many would rather spend on developing their sales, marketing and product delivery.

The scale of IT security that you need to implement will depend on the type of business that you run. For small sole trader businesses the amount of time devoted to this task can be quite small. For larger businesses or those that deal in sensitive areas then more time and effort will need to be devoted to securing your IT systems. 

What is data security?

Data security is a set of policies, procedures and tools designed to protect your data from unauthorised access whether inadvertent or malicious.

In addition to securing your data, you will need to protect it from loss or corruption. This is probably one of the biggest threats to small businesses – losing your data could loose you your business.

What do I need to secure my data against?

There are a number of threats to your business data, including:

  • Mistakes. People can accidentally delete data or records. Mistakes can be made by everyone in the business, so don’t think that anyone, including the principals, are immune!
  • Malware. This includes viruses and other “malicious software” that can harm data and computer systems.
  • Theft. Unfortunately you may loose data if hardware is stolen or individuals take your data without your permission.
  • Deception. There are many email scammers who try and obtain passwords and login details in an attempt to steal money from business or personal bank accounts.
  • ID Theft. This is a growing concern as thieves will steal data that is business confidential and then try and obtain services in the name of your business.

Most small businesses in the UK make bad targets for hackers. If someone has the skills to be a hacker or a fraudster, it makes sense that they target prominent, large organisations that are likely to be most profitable and which have the most lines of attack.

Smaller businesses keep tight control of their finances, and employees tend to know each other well. This makes them more difficult to attack. There is also some security in numbers. For example, if you send sensitive data in an Email, there’s a relatively small risk that someone will:

  • Pick that Email from the millions circulating on the internet at any time.
  • Recognise that the data is sensitive.
  • Have the ability to do anything about it.

You are, however, likely to face automated attacks from viruses and other malware since they attack very large numbers of businesses simultaneously and indiscriminately. The broad message is therefore:

  • Doing nothing is unlikely to be an option for you; there are few businesses that would not suffer in some way if an attack on their data were to succeed.
  • Take a measured approach. Security is a matter of finding a suitable balance between risk and inconvenience.
  • Look for simple and effective ways to secure your data. Complexity brings its own risks. Simple provisions are the easiest to implement and maintain.

Please note

If you:

  • hold a large amount of sensitive data;
  • hold data that might be particularly valuable to others;
  • are an obvious target for attack; or
  • have reason to believe you might be singled out…

We recommend that you seek the help of a suitable IT security consultant.

Security is always a balance

Data security is always a balance between the need to protect data and the need to operate as a small business.

You can have too much security. Taken to an extreme, security measures make it difficult for people to work. They can obstruct your clients, customers, suppliers and third parties that need to work with you.

You can have too little security. Everyone is under attack from automated tools that are constantly probing for weaknesses in your set up. Implementing simple, effective security does not cost a lot – it might cost you nothing at all.

There are few absolutes. Finding a suitable balance is not always easy, but it is something every business has to do. We will try to help you with that.

It follows that you should avoid security consultants that are not prepared to understand your business needs. You are likely to get unworkable and expensive solutions. Equally, you should not take advice from people that are dismissive of security issues. If the way forward is unclear insist on having the options and issues explained to you in business terms.

Not all security measures are technical

Remember, not all security has to be technical. You can beat many security problems by simply using common sense.

You probably have a cheque signing procedure. If your cheque signatories know your business well, it is difficult for someone to get cheques fraudulently regardless of how good they are at hacking into your systems.

Rate This:
i
Bookmark this page:
DiggDigg
del.icio.usdel.icio.us
redditreddit
FacebookFacebook

What Now

floppySave this guide to your profile
printPrint this guide
pdfDownload the guide in PDF version *

* In order to print the guide or open it in PDF format, you will need to install Adobe Acrobat Reader.

Send to a friend

Friend's Name
Friend's Email
Submit

Credits

Close

You have:

0

Credits

For FREE UNLIMITED access:

Login to your account

Email:
Password:

Forgot your password?

Login
Not a member already?
Register Here
You don't want to login? Cancel
Quick Registration

Quick Registration

Get unlimited* access to guides, tips and facts, by becoming a FREE member.

Email:
Password:
Re-type Password:
First name:
Company name:
County:
Region:
Sign up for free site updates
REGISTER FREE
Already a member? Login Here
Don't want FREE access? No Thanks

Registration Benefits

Post Code

Hello User,

In order for us to provide you with the most relevant information, please supply us with your postcode so we can determine your region.

Thank you

Your Post Code:
submit
No Thanks