Data worth protecting
The data you want to protect includes any information you collect, store or use. This might be anything from tax records to a customer information database, secret recipes to employee files.
The larger your business grows, the more thought and effort you’ll need to put into keeping your data organised and safe.
Don’t postpone putting some plans and procedures together. It will:
- save you time
- protect against losing important information if something breaks down or you’re hit by a cyber attack.
Work out your data storage needs
The amount and type of data you need to store depends on your line of work and how quickly it's updated. The type of back-up media you use and how often you should back up depend on how quickly you want to restore it after an incident.
To find the best storage option, it’s important to know what data you need and how you use it.
Finding out what data you need
List the data you have in paper records, stored electronically or on devices used in your business. Then, identify what you need to run your business – what you couldn’t do without or find elsewhere if needed.
This could include:
- bills, invoices and receipts
- sales records, tax records and employment records
- supplier details, contracts and sales agreements
- customer or client information – for example contact details, bank accounts and payment details
- emails, documents, spreadsheets, reports and other work files – for example, photos and images.
Under the Privacy Act, you must do everything you reasonably can to keep information safe. The more sensitive the information, the more security measures you will need to take.
Managing data access
Ask yourself who needs access to the data. Make sure your storage solution allows the right access at work and offsite.
You’ll need to store most data for a couple of years, but some data needs to be kept for longer. Don't store data longer than you need to.
Cloud online storage
The cloud is the network of servers that host services on the internet. Many businesses use the cloud to store, manage and process at least some of their data. Examples include Google Drive, Dropbox and iCloud. When looking to sign up to a cloud service, think about the following factors to compare what’s on offer.
Access
You should be able to access data anywhere and anytime you can get online, including on a smartphone. However, if you can access it anywhere, attackers can too. If you have to access sensitive information out of the office, do it on a secure connection, not an open network or public Wi-Fi hotspot. Make sure staff who work from home use a secure Wi-Fi network. Ask the provider how easily and securely you can collaborate on documents with colleagues and clients, for example for day-to-day business and projects.
Security
Storing your data in the cloud instead of a hard drive means you won’t lose access to it if something happens to your hard drive.
To keep sensitive data secure on the cloud, make sure you:
- encrypt it (some cloud services encrypt files for you)
- limit access to authorised people
- turn on two-factor authentication. Some cloud services encrypt files for you.
Even if you’re not an IT expert, you should still feel confident about what you’re getting. Before you sign up check the contract’s terms and conditions about cyber-attacks or loss of data, and ask the service provider about their security practices and when they'll notify you if there's a breach.
Cost
Determine how much future storage you’ll need. The cloud can be cheaper when it comes to scaling up your needs. There should be a range of prices depending on how much you want to store and the service level. Check special offers for signing up. If you can’t negotiate on price, you can still compare prices between services.
Service
Cloud services often cater for a range of business sizes and budgets. If you don’t need on-call 24-hours-a-day support, the costs should be much lower.
Consider:
- if an overseas service with different business hours would affect response times to queries
- how long it would take the service to start running again, if it becomes unavailable.
If you hold government data, you may be required to use a New Zealand-based cloud server. The Government Communications Security Bureau has a manual on keeping government information secure.
New Zealand Information Security Manual - Government Communications Security Bureau
Changing providers
It’s usually very easy to change services. Notice times will be in your contract.
If you want to switch providers, consider:
- what happens to your data
- how easy and secure it would be to transfer it.
Storage space
It’s usually easy to upgrade or purchase more space if you need it. Consider different storage plans available and any costs to switch.
Reputation
Check the service’s reputation by doing an online search of its name and words like ‘security’, ‘privacy’ and ‘breach’.
Location
Privacy and data protection rules can vary between countries. If your business is concerned about privacy, ask where your data will be stored. You are responsible for protecting personal information, stored both in New Zealand and overseas.
Other storage options
You can use these storage options instead of, or in addition to, cloud storage.
Personal computer
If you don’t have lots of data, you can use a PC hard drive. Large amounts of data on a PC can slow its performance, but you can boost storage if needed. Note that a desktop computer provides a hard drive and operating system for only one user.
Server
A server provides services to many users, like file access and storage. You’ll need IT help to maintain one. Ask them how often they update them and how they'll secure them.
External hard drive
These are a good option for backing up data and offsite storage. They offer more storage than a PC and are relatively cheap and easy to transport. Remember to put encryption on it to prevent it getting stolen.
USB drive
Also known as a USB stick or flash drive, they’re small and can store moderate amounts of data. They are a good option for backup copies or for working offsite. Put a password on it so if it gets lost, it's still protected.
Disc
DVDs and CDs can store moderate amounts of data and can be useful as backups to keep offsite.
Filing cabinets and storage
If you store paper files with sensitive information, make sure you keep them in locked cabinets. Consider a fireproof model for extra protection.
Back up data
You should regularly make copies of data in case original data is lost or stolen. This is called backing up.
This is essential for your disaster recovery. If you store data in the cloud, this should be done for you. If not, look at getting software that backs up data automatically, so you don’t need to think about it.
These are some tips for backing up:
- Do it regularly – if it’s not automated, back up your system at least daily.
- Secure it – protect files with passwords and keep them securely at work and offsite.
- Back up everything – this includes any device used for your business, like smartphones, tablets and computers.
- Keep several copies – store copies of backups in different locations, physically and in the cloud, to spread the risk.
- Test it – check your back-up process works by trying to retrieve stored data. When you’re happy it works, set a schedule to test regularly.
Training staff
Make sure everyone in your business knows which data to store, how to do it and why storing information is important.
If you use online storage services, consider different levels of knowledge around technology and give staff support or training if they need it. It’s helpful to put your procedures down in writing.
Help staff form good online habits, including:
- always signing out of online services
- not saving passwords
- closing browsers after use.
Learn more about