Data Security is No Joke

Who is really responsible for your data? I mean its security I suppose.

It is a good question, maybe even a great one. I have always been amazed at how casual businesses are about their databases, because for all the talk and the squillions spent on CRM systems and software they are still mostly pants, but someone really does need to be in charge.

These days I get involved in data security at the asset disposal end of things and I am amazed at how casual some people are about their old kit. Just the other day I found a new tenant who had ‘inherited’ an old server, four laptops, a huge, heavy power unit of some description and the usual clutter of wires and keyboards from the previous occupiers. No one knows what is on it. No one seems to care. But there is enough memory there to hold the meaning of life, which is of course 43 according to Monty Python, or was it 41?

USB thingy’s are cheap and readily available (Note use of technical term. If you are expecting to be blinded by science, you are reading the wrong blog!). Your complete customer database is now in the possession of young Ryan in sales, who is about to get a bit sozzled and leave his jacket in The Three Horseshoes.

There must be processes for this sort of stuff. We all laugh at Health & Safety until we fall off the ladder and break our necks and data security is much the same. I was talking with my MD Jane Taylor just this afternoon and she suggested that people did not understand the risks. I am not sure I agree. I think they know what could happen, they just don’t think it will. Not to them. Who cares about the customer database of V. Cheap Building Supplies (Ambridge) Ltd? No one is going to rifle through the hard disk on that PC Mr Cheap donated to Save A Squirrel, are they?

But what if they do?

A data breach is a data breach. The laws apply equally to the very small and the very big. Everyone really has to take this seriously, even if the risks do seem small. I have car insurance. I haven’t had any sort of accident involving a claim in almost fourteen years. I calculate that to be about £7000 worth of ‘wasted’ insurance. Following a process to protect our data is like car insurance. I hope you never need it but if you do, you will be glad it is there.

Back in the Wacky World of Data

My journey into the sometimes disturbing world of data and business information started some eighteen years ago I suppose, and after a brief hiatus I find myself back, this time trying to get my head around the business of recycling IT equipment and making sure that no data falls into the wrong hands during the process.

This is serious stuff. The Information Commissioner will soon have the power to fine companies and organisations 2% of global turnover. My local hospital was recently fined £200k for a data breach caused when they got rid of some PC's to the wrong man. And it's not just the fine. The guilty culprits are all over the internet, there for all to see. Just type in data breach and you'll see them too...or visit the ICO's website.

On joining eReco, a fine company operating out of sometimes sunny East Grinstead in West Sussex, I have gone on the usual steep learning curve. I have learned a lot of jargon, which we will revisit when this Blog finds its feet no doubt, and I have talked to a lot of customers and prospects. I find that a good place to start, long before I know what the hell I am doing in normal circumstances, because if you ask the really dumb questions you get some surprising answers.

Now even before joining www.ereco.co.uk I knew that deleting a file in Windows did not remove the data from your hard disk. But one of the first accountants I talked to did this, and then gave his redundant PC's away to a charity. So he has given away all of his data, all his clients data, and he has not even thought about the risk to his brand, his business or his career?

Crazy, I think so.

Most business owners know two things about this subject. One, you can't just throw IT equipment away. It's illegal. And you can't take it down the dump either, that is not for business use. So it is a problem.

Secondly, everyone knows that the hard disk is another problem. We may not be sure what one looks like but we all know it is there, and that it has our whole lives on it somewhere...passwords, figures, bank accounts, everything we ever do.

So even though we have a shiny new bit of kit on our desk, we are not too sure what to do about our old friend. If we are lucky enough to work for a big-ish business someone in IT might do it for us but quite often it will end up in a storeroom somewhere. The risk is not diminished, it's just moved.

So...are you a hoarder or giving your data away for free?