
Protecting information – minimising risk to your business

Internet security is becoming increasingly topical and is at the forefront of conversation in the business community. Large companies have been subject to internet security risks and have either been hacked or had personal information stolen or leaked. Small businesses have also been targeted and have had their business information held for ransom. The latter is quite common given small businesses often don’t have the funds, technology or expertise to implement significant security measures.

There are three areas of focus that I think businesses should consider when it comes to internet safety and security.

1. What are you doing in your business to protect clients’ information?

Leakage of client information, whether it is held to ransom, stolen, misused, or kept from you, is significant because as individuals we don’t want our information being used in ways that we didn’t agree to. A leakage or an attack on information can lead to reputational harm to your business. If you manage a Facebook page or you have an online business where you have members that interact with each other, you should ensure that you have a safe environment for this activity. It is the obligation of the person running a Facebook group or page or website community to ensure that members can interact free from bullying, harassment and offensive behaviour. This is done with active monitoring and by having terms in place so you can remove someone from the group if they breach your terms.

There is also an obligation to protect your clients’ privacy, which extends to the use of technology.

Increasingly, people are using cloud-based technologies, software and apps to store information. Even though your business is subject to the terms of the provider, it is the obligation of a business owner to make sure you are protecting your clients’ information. It is an obligation under the Privacy Act if it applies to you (small businesses can be exempt in certain circumstances) not only to have a privacy policy, but to implement measures to protect and keep information secure. One way to minimise the risk is to keep only the information you need and to safely destroy information you don’t need. The more personal information you have in your business, the more exposed you are if that information is compromised. This also extends to your employee information. One of the largest recent incidents in the US involved a company outsourcing its HR activities to a third party that had its systems breached. What resulted was the loss of all employees’ personal information, including their tax file numbers, which is a major concern as that can lead to identity fraud. Business owners should understand how third-party providers keep information secure.

2. Third party providers

Business owners also should consider the security around transferring information such as using software where information flows between systems. This is often something that you can quite easily check in the terms and conditions when you use a third-party service.

The obligation to keep information secure on technology extends to mobile phones and tablets.

It is becoming increasingly easy to conduct business from a mobile phone. We have emails, accounting apps and banking apps, so what are you doing on your phone to secure the information available? There are very cheap and easy-to-use privacy apps where you can implement measures such as passcodes, as a basic level, but they also include features where you can log into an account online and, if your phone is missing, trigger the destruction of the data on the SIM card.

3. Your business security

In the same way that personal information is exposed using technology, so is your confidential business information, which includes your financials or the work that you do.

This is where opportunists target small businesses by taking control of systems, locking down access and demanding ransoms.

If that small business doesn’t have the information stored anywhere else, they can be willing to pay large sums to have the information released back to them. What can also happen, unfortunately, is that the small business owner gets caught up in further demands for more money if the thief doesn’t release their information once the payment is made. Simple techniques can be employed to avoid this situation, such as changing passwords regularly, running virus scans and keeping backups. If your information is backed up weekly or even quarterly, the loss that you face when an attack occurs is reduced, and so might be your willingness to pay thieves to release your information back to you.

Are you doing all that you can to protect your information?
