Beginner’s Guide to Data Security and Encryption

Many of our customers in Abilene and beyond are asking us,

“What are data security and encryption, and why are they important to my business?”

After all, much of the business community here in the Texas Big Country and West Texas is comprised of small and medium size businesses. You might assume that because of this, business owners here don’t face many security threats.

If you agreed with that statement, you’d be wrong.

Why is Data Security Important?

According to Michael Dell, founder of Dell Computers, “data security is a major problem for any company that has valuable information to protect, and that means most companies these days.”

Whether you’re a big retailer like Target, or a small CPA, attorney or medical office, chances are your business handles sensitive information from your clients and customers on a regular basis. Not to mention, you may have information about your own company that needs to be kept secure.

Even businesses that you would not normally associate with sensitive information, such as restaurants and retailers, often handle financial payment information that needs to be secured against theft or misuse.

The biggest challenge is that while you and your business may not be focused on internet technology or cybersecurity, this world’s hackers and identity thieves are. And they are growing ever more sophisticated.

Dell states that cyber-security is the biggest unmet need for most businesses these days, and that for small businesses the risks are even greater than for large enterprises, because, “An attack that compromises company accounts or customer relationships can directly affect an entrepreneur’s personal security and finances. Moreover, that entrepreneur won’t have access to the resources for recovery and defense that are available to a major corporation.”

What is Data Security?

Data security, sometimes referred to as information security or computer security, is defined as digital privacy measures that are taken to protect your important personal or business data. Data security encompasses a variety of techniques, including encryption of files and drives, as well as securing servers and networks to prevent unauthorized access to computers, databases, servers and websites.

Who needs data security? Pretty much any kind of business, and most individuals, have at least some level of data security needs. Healthcare businesses, for instance, are required by law to maintain security for all patient health records. CPA businesses and attorneys must also protect client information. Companies that handle proprietary information or intellectual property that gives them a competitive advantage, must also keep that information secure.

Essentially, any business that handles financial or personally identifying information on behalf of others, needs to do whatever it can to keep that information safe. And, of course as individuals, we need to keep our own personal information safe to prevent issues like identity theft.

What Is Encryption?

In a nutshell, encryption is the scrambling of data so that only those with the correct encryption key can read it. Encryption can be applied in a number of ways and at any level in your business, including:

• At the file or email level – you can encrypt individual emails or files on your device.
• At the drive level – you can encrypt an entire drive, whether a portable drive, or a hard drive on your computer.
• At the device level – you can encrypt everything on your device, including all files and drives. This includes desktops, laptops, and mobile devices.
• At the server or network level – you can encrypt an entire server, or everything on your network.

Encryption works a bit like those encoder rings kids used to get from cereal boxes, or the cipher machines in old spy movies. They take data and “scramble” it using an algorithm or code – that same algorithm must be used in order to decrypt the message.

Just like in the spy movies, the encryption codes can be broken. Today’s hackers are constantly trying to crack the codes used to encrypt messages, while network security experts and software companies are working as hard as they can to come up with new encryption codes and methods to protect data. Because of this battle, it’s important to make sure that whatever security measures you take to protect your data are updated regularly.

When making decisions about whether to use encryption, it’s important to consider what kind of data you have, and how you use it – whether your data tends to reside in a single location, or if your data is “on the move” across multiple devices or networks. The more mobile your data, the more layers of security you may need to keep it safe.

8 Quick Data Security Tips

1. Use Strong Passwords – Don’t use personal information, numbers, or common words in your password, and change your passwords frequently.
2. Firewall Your Network – Firewalls control internet traffic coming in and out of your business. If your business does not already have a firewall in place, this is a critical step. Once the firewall is installed, remember to apply all required updates in a timely fashion.
3. Install Antivirus Protection – Antivirus and anti-malware software are essential data security measures to protect the integrity of your information. Install protection and update regularly.
4. Update Operating Systems and Software – Regular software and program updates help to ensure security patches are applied regularly. This is one advantage of Software as a Service applications like Microsoft 365; security patches are automatically applied for all users on a regular basis without any intervention on your part.
5. Secure Laptops and Devices – Laptops and mobile devices are at high risk for theft. To protect yourself and your data, never leave your laptop or devices unattended in non-secured locations such as a car or coffee shop. Encrypting your laptop and mobile devices is also a must to prevent unauthorized access. For mobile devices, a couple of extra steps are also a good idea: use password protection with a “lock out” option, and enable remote wiping. Another advantage of Microsoft 365 is that remote wiping can be provisioned to all devices, so you’ll have it if you need it.
6. Backup your Data Regularly – Servers and computers should be backed up at least weekly, or as often as necessary. Some businesses back up data nightly, or every couple of days. The frequency really depends on the needs of your business.
7. Monitor Continuously – You’ll need to constantly monitor to ensure that your data security efforts are working. Data leakage prevention software, which monitors your network to detect what kind of data is leaving your network, is a good option. In addition to software, a specific person needs to be accountable for monitoring. This can be either someone in your company, or you can hire a network security provider to handle this for you.
8. Educate Your Team – Make sure your staff practices good security measures, from setting strong passwords to being careful with email, downloads and surfing the web. Make sure they understand what sort of online practices to avoid, so that they don’t inadvertently make your company vulnerable to attack.

For many small businesses that are lacking IT expertise or manpower to ensure these guidelines are followed, hiring a network security expert to assist with your data security efforts can ensure that your business has the protection it needs to avoid security breaches and loss of critical data.

Questions about data security and your business? Leave us a message below!