An 8-step guide to safe data storage and protection

Figures from PWC suggest that as many as 90% of large organisations and 74% of small businesses experienced a data security breach last year, while more than half of businesses surveyed expected to see a continued rise in the number of such incidents in the future.

For a small firm, the average cost of a serious breach is estimated at upwards of £75,000, demonstrating just how crucial it is to keep pace with the threat.

The very real threat of a data breach means that addressing safe data storage and protection should be a top priority. For many businesses, a crucial element of guarding against it will mean putting adequate cyber security insurance protection in place. It also involves adopting processes, policies and safeguards to minimise and manage that risk. With this in mind, here’s a step-by-step guide to help you ensure your data storage practices are up to scratch.

1. Identify where your risks lie

Three questions need to be answered before you start shopping around for software and other tools to protect your digital and physical data. What is the nature of the data you need to protect? How is it under threat? What are the possible consequences of that data being lost or falling into the wrong hands?

Your risk profile relates to a wide range of factors, including your type of business, whether and the extent to which you ‘control’ customers’ personal data, how long certain types of data have to be retained as well as how your business is organised.

For instance, are you a small firm where everyone works on-site and where the main security concerns centre around commercially sensitive information linked to you and your clients? Or perhaps you have an army of remote workers and your data profile involves handling large volumes of data linked to customer accounts? In these two examples, each firm is faced with distinct risks, and the measures implemented to address those risks will differ accordingly.

2. Know your Data Protection Act obligations

For a very large proportion of UK businesses, how you approach safe data storage needs to be looked at in the context of The Data Protection Act. This applies to virtually all commercial organisations who electronically store customer details. If you are unsure whether and to what extent the Act applies to your business and whether you need to register as a ‘Data Controller’, find out by using the ICO Self-assessment guide.

To protect data from loss or unlawful interception, The Data Protection Act says you must have security measures in place that are ‘appropriate’ to the nature of the data and possible consequences of the risk. Instead of specifying what this might mean in practice, the law deliberately leaves this widely defined, requiring businesses to think carefully about what is and isn’t appropriate for them. It’s one of the reasons why it’s so important to carry out a risk assessment.

3. Factor in any industry-specific requirements

Professionals usually have a further layer of regulation to factor in when thinking about data protection: the rules and guidelines set out by their relevant professional body.

Rather than regarding this as another layer of red tape, keeping on top of best practice can help you get your data protection strategy right. For instance, opting for a customer relationship management system or a cloud-based storage solution that’s recommended by your regulatory body can stop you from taking unnecessary and potentially costly risks with an unknown provider.

4. Get in expert help

Putting together the right combination of firewalls, encryption layers and other tools you might require to keep your data safe demands a specialist approach. Rather than relying on your all-purpose in-house IT guy to cobble something together, seek input from a provider with verifiable expertise in helping businesses to safely store and protect data.

5. Build a logical data storage structure

As well as being an important part of data protection, this approach can also help your business become better organised - and perhaps even more productive. Rather than files being stored and accessed haphazardly across your system, aim for a well-planned folder system, organised according to department or business activities. With your data files organised logically, it makes it easier to control user access, apply the right level of restrictions and keep track of when and which data files are suitable for archiving or deletion.

6. Implement data storage rules

Having built your storage structure, you must also ensure that your employees know how it works and how to use it in the right way. Your data storage policy will set out what data must be kept, where it should be stored and the process for deleting data.

7. Educate your employees

Your data storage and wider IT usage policies set out the rules. Given that around half of data breaches stem from human error, it’s also important to educate your employees on just how important it is to follow those rules. This includes making sure they are clear on the possible implications of ‘bad housekeeping’ such as weak password protection and use of unauthorised devices. Make sure that the consequences of infringements are made clear in your disciplinary procedure.

8. Have an action plan in place for dealing with breaches

Employees should be clear on who to tell and what to do in the event of an actual, potential or attempted breach, including incidents such as lost devices and receipt of suspicious emails.

At your end, a suspected breach means contacting your response team immediately. The aim is to identify, stem and assess the extent of that breach as soon as possible. You must also consider your legal or regulatory obligations to notify any third parties affected by the breach.

Find out how cyber liability insurance can protect you in the event of a data breach by speaking to our team of experts today.