Security and IT Strategy

I am frequently surprised about how business owners approach security and IT. Many ignore what I would call basic red flags. I get necessity, and cost, but is it really wise to risk everything by not thinking about how you can be better? Especially when securing the information you rely on for your business to run.

Legally there’s the data protection legislation to think about. Practically, you’ve got so much information in your systems about how your business runs and who it relies upon, and it needs protecting. Then there’s protecting your hard-earned income. Why would you want to waste all that effort only for funds meant for you to go to scammers who redirect your money to them?

It’s Your Money

It really is your money, and your reputation, we are talking about here. All that you are working towards depends on you getting the money that you have worked hard for. How you organise yourself, and what you believe is right for you when choosing the IT strategy that would work best for you, will determine the likelihood of you losing money. It really is that basic.

A good IT strategy means that every piece of information you have is behind a barrier. The more important the information is, the more barriers you should put in the way of it.

Let’s look at banks and security boxes. If you had your gold bar (well we can dream, can’t we) in a security box that was unlocked and in the banking hall, you’d be unhappy with that arrangement. This is why banks have vaults, within which are locked security boxes. That’s three physical barriers. There is often a fourth procedural barrier too. You must be the person authorised to open the box you want to access. You need to think of the information that your business relies upon in the same way.

There is some legal guidance to consider here too. If you hold Special Category Data, or Information Related to Children, you are expected to apply security at least one level higher than other personal information. The recommendation from the ICO is that this data should be encrypted to keep it safe.

It’s an Investment

What you do in your business is, of course, completely up to you. However, you should view your policies and activities that relate to security and confidentiality as an investment. Getting your way of doing things right for your business will cost you a lot of time.

Time to find the right person to support your business, understand your ethos, and work with you to provide practical solutions.

One decision is cloud or office-based server. Which is better? Not asking an IT professional for their view could be like starting World War III for your business. The answer is whatever suits your circumstances, which includes whether you have a physical presence in just one location, or multiple locations.

Most of us start in a spare bedroom, or a shed, or a garage, and many of us don’t venture out of it as our business model doesn’t support doing so.

But.

How you interact with clients and suppliers (especially as a service provider) can influence that physical vs cloud decision. Being able to access a single version of any of your files wherever you are in the country (or the world, for that matter) may be a requirement. If you rely on physical machines to complete all your work, you will spend a lot of time duplicating filing structures across all your devices.

Time is of the Essence

Not in a legal sense, but time holds one of the keys to your success and how you should manage the data your business relies upon. For once I’m not going to focus on Data Protection; this is far more fundamental. The longer you operate on a single machine, the more likely it is that a component will break. It could be the motherboard, the hard drive, the graphics card. Any breakdown increases the risk of not being able to service your clients effectively. How long will you have to wait for that new component to arrive, and will all of your data still be available for you to reference and use in the development of your business?

Time, as in how long your business has been operating for, may also influence your decisions hugely. The longer you are operational for, the more historical information you have. I have always had an external back-up of my data timed to happen at a certain time every day. It wasn’t a particularly complex thing to set up, but it gave me peace of mind knowing that my data was safe.

Yes, I have moved to a cloud-based system. It has data encryption included automatically, for additional peace of mind. I have paid for an email screening service to remove suspect emails from my inbox. I have also paid for an external back-up process, just in case anything should go wrong in my cloud.

We forget that things can go wrong in the cloud when it’s a sunny day. But they do, so when everything is going well remember that clouds don’t always have a silver lining.

What’s the Cost

No matter what you do and where you are on your journey, getting the IT set-up, and security measures, wrong can cost you your business.

60% of companies fail within 6 months of suffering a data breach and 72% fail within 2 years. Not knowing how easy it is to breach your systems can be the key. But a penetration test often starts around £2,000. How do you keep yourself safe without spending a fortune? Make your system secure, but do it by being practical and relatable.

Secure is not using your date of birth, or your name, or your address, or your children’s dates of birth. But you might get a secure password if you bring together many elements of your past, or your aspirations. I’m an advocate of using three words, that mean something to me, in a random order, and I add a number sequence and a special character.

That isn’t enough for me though. I always use Two-Factor-Authentication, or 2FA, where it is offered by a system. I normally only choose systems that offer that facility too, by the way. Most 2FA systems are free too. Even when that doesn’t seem to be safe enough, I do more.

A person I interact electronically with feared they had been compromised. So I asked my IT provider to complete a pro-active scan of my devices (and they have access to all of them). I got complete peace of mind for under £130, and that’s a one-off cost for the last 8 years of trading.

So, what’s the cost?

If you’re careful, not a lot financially. But it will take brain power. Time to think. Time to work out what’s most practical. And – it’s never a one-off exercise. Because we change and the world around us changes we need to change too.

What’s Next

It’s time for you to put your thinking cap on. Think about things like: Where are you in your journey? What do you want to do next? How do you want to be perceived?

Only having a Gmail or Outlook email account for your business can lead to a perception of it being small and, relatively, vulnerable. You will need a Gmail account to manage the Google page for your business, but having a domain registered email account enhances the perception of your business.

Your whole setup – from just working from your phone – to having a multi-million pound turnover company can be spoilt by having bad security procedures.

I keep on hearing this phrase: “You don’t know what you don’t know”. It’s annoying that I hear it so much, but I also know that it’s true. Any of us can mess up because we either haven’t listened properly or haven’t taken the time to do our research properly. Don’t be one of them and get to know something you don’t know today. Then do something about it.

Let’s not beat around the bush, there is a lot of information in here, and based on some of my blogs, this one is quite heavy on detail. Please look through the other blogs here: https://eyebray.com/blog/

The information you want may well have been provided already. Some blogs, like this one, are very detailed. 

We would be pleased to answer your enquiry through email at enquiries@eyebray.com, by calling 0743211611, or by using https://meetings.hubspot.com/eyebrayltd to see when I am free.