Monday, 20 April 2015

Data Security is no joke

Who is really responsible for your data? I mean its security I suppose.

It is a good question, maybe even a great one. I have always been amazed at how casual businesses are about their databases, because for all the talk and the squillions spent on CRM systems and software they are still mostly pants, but someone really does need to be in charge.

These days I get involved in data security at the asset disposal end of things and I am amazed at how casual some people are about their old kit. Just the other day I found a new tenant who had ‘inherited’ an old server, four laptops, a huge, heavy power unit of some description and the usual clutter of wires and keyboards from the previous occupiers. No one knows what is on it. No one seems to care. But there is enough memory there to hold the meaning of life, which is of course 43 according to Monty Python, or was it 41?

USB thingy’s are cheap and readily available (Note use of technical term. If you are expecting to be blinded by science, you are reading the wrong blog!). Your complete customer database is now in the possession of young Ryan in sales, who is about to get a bit sozzled and leave his jacket in The Three Horseshoes.

There must be processes for this sort of stuff. We all laugh at Health & Safety until we fall off the ladder and break our necks and data security is much the same. I was talking with my MD Jane Taylor just this afternoon and she suggested that people did not understand the risks. I am not sure I agree. I think they know what could happen, they just don’t think it will. Not to them. Who cares about the customer database of V. Cheap Building Supplies (Ambridge) Ltd? No one is going to rifle through the hard disk on that PC Mr Cheap donated to Save A Squirrel, are they?

But what if they do?

A data breach is a data breach. The laws apply equally to the very small and the very big. Everyone really has to take this seriously, even if the risks do seem small. I have car insurance. I haven’t had any sort of accident involving a claim in almost fourteen years. I calculate that to be about £7000 worth of ‘wasted’ insurance. Following a process to protect our data is like car insurance. I hope you never need it but if you do, you will be glad it is there.