Data security is an issue that is becoming increasingly important, and one that we should all be aware of to protect both our own and our clients' information. We should be alert for anyone wanting to know details about our businesses – everything from our bank account details to personal client/ respondent information is valuable to a scammer, and is at risk.
February sees the launch of the ICO's new data protection self assessment tool. The tool (along with lots of other useful tools) is aimed at helping small business improve data protection practices – it helps you assess how well (or otherwise!) your business complies with the Data Protection Act.
This is a particular concern for ICG members – the recent survey indicated that a substantial minority of members who are not DPA registered are undertaking activites that, on the face of it, are covered by the act. The tool provides links to guidance and futher information, and also provides an overall rating of current adherence to the act. If you are not sure whether you should be registered, or want to improve, this is a really handy place to start.
The ICO also has various other resources on its site – including a practical guide to IT which is specfically aimed at small businesses and focused on how to keep IT systems safe and secure – download the guide by clicking on the link on the left. This is something that everyone should review periodically to make sure that you are following the latest recommendations and are keeping your (and your client's) data secure. The ICO also has supporting articles and links to other useful resources – click here for further information and to look at the ICO's top tips.
The MRS also has a section on data protection with videos, example contracts etc – the information is available to members
But much of it is about being alert and supicious (I know that is counter to how we like to deal with people, but scammers rely on this vulnerability to hook you in). Some sensible advice from Gill Wales includes:
- Don't use the same password for everything
- Put a piece of tape over the camera on your laptop/ screen
- Back everything up several times (to different places)
- Back up whatever you've just been working on immediately
- Beware of phone scammers (eg those who claim to be calling from your broadband provider to tell you they've detected a problem with your computer, you phone provider wanting to change something or your bank/ financial services provider)
- Password protect sensitive documents (and think about encrypting these if you are emailing them)
- Don't provide any more personal information (your own or anyone else's) than is justified for the purpose
- Check your security settings on social media
- Familiarise yourself with your web browser settings
- Don't open links in emails, even if from familiar correspondents, if the content seems out of character
- Make sure your broadband router settings prevent your neighbours accessing your wi-fi
- Think twice about what you access online when in public places
- Don't leave your laptop/tablet/phone or any portable data storage devices in your car or unattended in a public place
Most importantly, if anything looks odd or 'not quite right', don't be afraid to stop the conversation/ transaction and check/ verify. If you are verifying something, do so from a different phone and using a number that you already know or have sourced independently (don't call the number someone gives you or that is in the email).
Interestingly whilst browsing the ICO's site I also came across a really interesting article about how shops are using your phone Wi-Fi to track shopping movements – this allows retailers to build up a picture of how people use the store and potentially allows them to send personalised offers to shoppers as they browse, based on how long they spend at a display/ how often they try on articles of clothing etc. There are clear research implications – click here to read the article… – and also shows how easily available your information is (and how potentially vulnerable we all are).