For any business, data represents one of the biggest assets. It is imperative to keep business and personal data safe. Protecting it against accidental loss, disaster and criminal activity should be a top priority for any organisation, irrespective of sector or size. Whether in paper or digital form, the way in which it is stored, shared, managed and ultimately destroyed is of critical importance.
Here are just some recommendations from Box-it North West:
It is good advice to regularly assess the risks to your business data. Understand what data you hold, both in paper and digital format, and record exactly where and how this data is stored. Documents may be stored at more than one location (not necessarily within your business), on multiple devices such as desktops, laptops, tablets, mobile phones and memory sticks. Best practice is to implement some central control measures – the more places in which your data is stored, the greater the risks. Think what damage that disgruntled employee could have, or the consequences of a device being stolen or lost. It is important to evaluate all risks to data, including theft, loss and take all measures to safeguard against such situations. Have a robust contingency plan in place, as well as a specific plan for data recovery so that you can restore information should you need to.
Data security should be part of your corporate culture. This is achieved by effective internal communications, training and management. Employees who have access to data also need to take responsibility for its safekeeping and need to understand the consequences of breaching the Data Protection Act. Compliance is not an option, it is a statutory obligation. Try to implement systems and processes that are user-friendly and not too time-consuming as this very often makes the difference between employees adopting best practice, or finding short-cuts to get round the system!
Physical documents are prone to being copied, shared, lost, damaged and can be regularly moved from one place to another.
Storing paper records safely and taking as many precautions as possible to protect them is essential. Consider using the services of a reputable document management company that provides archive storage. Why is this safer? There are many reasons. Firstly all paper archives are barcoded, security strapped and fully tracked, which is unlikely to happen in your normal office environment. Boxes and files are stored in secure warehouses. Take Box-it North West’s document storage centres for example. They are monitored by CCTV around the clock, protected by intruder alarms and smoke alarms in a secure rural location. The document storage centres are also humidity controlled to help prevent paper from deterioration. In short, your paper records are held in very secure conditions, and you have the ability to retrieve them as and when you wish.
Managing and sharing paper records safely and compliantly is also important, whether this is current or archived material. Only those authorised to do so, should have access to confidential, sensitive or personal information. Issue guidelines and implement a system to control this. Omnidox Records Manager from Box-it North West is a good example of a secure Cloud based platform that gives you all the tools to manage your physical, stored archives online.
Dispose of paper records securely at the end of their lifecycle. Adopting a ‘shred-all’ process is good advice, and if this seems too time-consuming to do internally, then you may want to consider using a professional document shredding company which offers confidential destruction services. Always check their security credentials. Box-it North West provides secure onsite and offsite document shredding services and operates to the highest industry standards.
Digital records are of course prone to all sorts of risks. This may be down to data being lost through human error, hardware/software malfunction, power cuts, flood/fire disaster or more sinister activity, such as theft, cyber- attacks or deliberate deletion. While there isn’t a business that is immune, there are measures that can be taken to reduce the risks. Just like their paper counterparts, the same issues need to be addressed: how and where they are stored, who has access to them, how they are shared / transferred, and how redundant information is erased.
Storing data: There are many means of storing data electronically such as storage on local drives/in-house servers, discs, tapes and memory sticks, and Cloud based storage. Removable/portable media, such as disks and memory sticks, are prone to loss, damage and theft. It is easy for them to fall into the wrong hands. Every business needs to regularly back up its data and it is imperative that these back-ups are stored in a fire-proof, flood-proof locked environment, ideally offsite. Always test that back-ups work so that you have the ability to restore data. Information may be stored on in-house servers, or on external servers (eg. outside of your premises). The countries in which these servers reside are important. If you are a UK based company, try to ensure your data is stored on UK based secure servers. Cloud based solutions are very popular to free up onsite storage and share information across the internet, but do your homework before implementing a system. Cloud based storage products have many benefits but find out whether they are hosted in the UK, whether they use encryption, and ensure they utilise the highest standards of security and use sophisticated firewalls.
Managing and sharing digital documents: So, you have all your documents saved electronically, but how do you manage them, share them and control them throughout your business? You need a system with passwords in place for authorised users (usually with varying user levels and permissions). Be mindful of who you are sharing the data with (especially if sharing it with someone outside of your business) so as not to breach the Data Protection Act. Find out about electronic document management systems. There is software available to purchase, very often with user licences that need in-house IT support, or Cloud based electronic document management solutions, offered as software as a service (SaaS).
Omnidox electronic document management from Box-it is a good example of a UK hosted, highly secure service which gives you all the benefits of the Cloud, with all the peace of mind you need in terms of data security. It allows you to store, share and access information from any device with internet access, via a secure link. With Omnidox, you can assign tasks, schedule reviews and updates. Data is encrypted using SSL on transfer. Omnidox has powerful reporting features to support document retention management and is a very user-friendly platform, which means it is a concept that your colleagues are likely to welcome, rather than dread! Think of it as an electronic filing cabinet but one real advantage of Omnidox is just how quickly you can search and retrieve information. It allows you to set user rights, roles and permissions, and generates a full audit trail of document activity. Omnidox has robust password controls, and if required, can be restricted to your premises’ IP address.
Deleting/Erasing Data: It is important to erase all data from hardware when it is due to be replaced. This includes desktop and laptop computers, tablets, hard drives, mobile phones, photocopiers, fax machines and printers. They all store your data! There is deletion software available, some more effective than others, so understand what it is and isn’t capable of doing. Some devices feature ‘restore to factory settings’. Professional services are also available to wipe data clean, or destroy equipment, such as hard drive destruction services. Get advice on the best method of destruction for the type of media you are using.