Why you need a data protection policy

It’s easier than ever to share data and files in the workplace. That’s a huge benefit, but it also raises some issues. Here’s how to handle them.

Understanding the value of your data

All data has value, even if it’s not immediately apparent. But some types of data are more valuable than others. We can break this down into two main types:

Your business data. This is valuable because it contains sensitive information that helps you stay competitive. That includes financial or accounting details, client contacts, project information, intellectual property (IP), staff salaries and so on. If it leaked out then you may lose your competitive edge – and maybe more.

Client data. You might be entrusted with sensitive information about your clients. This could include their IP, some of their financial information, expansion plans and other ‘secret’ data. If this leaked out you may find yourself on the wrong end of a lawsuit, and highly embarrassed too.

Data leaks have seriously damaged many businesses over the years, some of them terminally. Often law-enforcement agencies get involved, for criminal prosecutions.

But there are other risks too. Ransomware is increasingly common. This involves company data being encrypted by hackers’ malware, then a ransom being demanded for the decryption key. Many companies pay up rather than lose their valuable data, but it’s a big price to pay for poor data security.

To help prevent all of this happening to your company, it’s important to have an effective data protection policy.

How are your staff sharing files?

Sharing files and collaborating on projects are vital for many businesses’ operations. But there’s a right way and a wrong way to do it. The right way is to have a secure internal system through which your staff can work freely – but which nobody outside the company can access.

According to Delia Gill, Managing Director of Wellington-based solutions provider IT Engine, there are plenty of examples of companies getting it wrong. “One company allowed each staff member to set up their own personal Dropbox account. This worked until a key employee resigned… taking his password with him.”

It’s important to keep control of accounts within the company. That way, when an employee leaves, you’ll still have access to the data.

Using free online storage accounts is unwise anyway, unless they’re properly incorporated into your IT system. They are often unencrypted, which means that anyone can access your data if they know where to look.

Password planning

Passwords are the gatekeepers to all your data. They need to be strong and secure, and also changed regularly.

Managers need to be careful here. They must respect their employees’ autonomy and privacy, but also need to access leavers’ accounts if necessary. A good data protection policy will incorporate this balance.

BYOD – but keep it secure

BYOD (bring your own device) allows employees to use their own laptops, phones and tablets. If done properly this can save costs and boost productivity.

But if done badly it’s a recipe for disaster. Unsecured devices could be hacked or could infect your IT system with malware. So before going down the BYOD route, talk to your IT provider for advice.

Working from home

Flexible working can increase productivity but, like BYOD, it can also increase risk. No sensitive data should be stored on employees’ home devices, and all logins should be through highly secure channels.

Good anti-malware tools are essential, as are regular updates and security patches. In fact it’s often more practical for you to provide secure laptops for your employees than to let them use their own.

Securing mobile devices

At the very least, every work phone must be PIN-secured so that its data can’t be accessed if it’s lost. Restricting the type of apps installed on work phones is also wise, since many apps have been shown to contain spyware or malware.

“Do a spot-check,” says Delia Gill. “Every so often ask for someone’s work phone and check that it’s secure. If not, that’s a serious breach of security, for you and for your clients.”

Mobile devices are particularly vulnerable to hacking, theft and loss. For this reason they must be properly secured at all times.

Educating your staff

One of the most important features of a data protection policy is educational. Many new employees will have no idea about the risks involved when sharing data.

Hacking is now big business, and professional hacking teams will target companies both through conventional hacking methods and by email or even phone call.

By explaining the serious nature of the risks, you can change your staff from targets to protectors, actively looking after your firm’s data.

A policy to keep your business safe

Without a data protection policy your business is flying blind. No policy means no management, no oversight, no real understanding of the risks. So when – not if – problems occur, without a data protection policy you’ll have no plan for dealing with them.

So make sure your employees are aware of the risks and following best practices. Talk to your IT provider about drafting a data protection policy for your company. With their help you can keep your data – and that of your clients – safe and secure.

Helping your IT provider to help you – five top tips

It’s good to know that your IT provider is there to help you if things go wrong. But did you also

know that you can help them to solve your problems faster?

Communication is at the heart of IT, and that includes communicating with your IT provider.

According to Delia Gill, Managing Director of Wellington-based IT provider IT Engine, little things

can make a big difference. Here are five ways in which you can help your IT provider to help you.

1. Provide at least two months’ notice of an office move

There’s a lot to do when a business moves to new premises. From cabling to ISP

notification, fibre connection to server configuration, it takes time to do it right. Two weeks is

not enough!

2. Let your IT provider know before your website team makes any changes

According to Delia Gill, this is often overlooked. If your web-dev team makes some

configuration changes behind the scenes, that could affect more than just the website’s

design. It could take your site offline and even prevent email access. Make sure your web-

dev team talks to your IT provider before they start work.

3. Adding new multifunction printers (to photocopiers)

Modern multifunction printers are highly capable devices – but they need network access to

work properly. The time to talk to your IT provider about this is a week or so in advance of a

new printer being installed. Don’t wait until the printer company technician is on-site and

saying, “I need to reconfigure your network…”

4. Changing ISP

The choice of Internet Service Provider for your business is yours to make. But if you

decide to change – say from Spark to Vodafone or vice-versa – check with your IT provider

first. A lot depends on how internet traffic is routed into and out of your company. Keep

downtime to a minimum by talking to your IT provider before you make the switch.

5. Adding and removing staff

Obviously it’s vital that you tell your IT provider well in advance of a new person starting

work. They will need their own email address and other accounts, which can take a little

time to set up.

But according to Delia, removing staff is the big one. “What happens when staff leave?” she

asks. “What happens to their out-of- office messages? Where are their documents stored –

are they on that laptop that you’re about to wipe? Do you have their iTunes password?

Have they removed their account from all Apple devices? If not done properly, that

expensive work iPhone could end up being bricked.”

It’s also wise to ensure their incoming email is being forwarded to someone else – not

going into a black hole. And just in case things turn nasty, be sure to recover all deleted

items in Exchange and elsewhere. It pays to be prepared.

If you don’t already have a policy to deal with all of this, now is a good time to create one. Just ask

your friendly IT provider – they’re here to help.

Whose (domain) name is it anyway?

Before you decide on a name for your new business, do some research. The company name might be available – but what about the matching domain names?

Starting a new business is an exciting time. First comes the idea, then the planning, then the implementation. But somewhere along the line comes the choice of company name. This might seem like a trivial matter, but actually it’s vitally important:

1. A good name helps boost your brand
Depending on your target market, different names can have different impacts. It’s a subtle factor that’s especially important in niche or trendy markets. Think of the names of craft beer firms, for example, or technology companies. They are meaningful or memorable – or both.

2. The name gives your company continuity
Staff may come and go, but your company remains. Over time you will use your skills to build that company and enhance its brand. Your reputation will – hopefully – get better and bigger. Choosing a memorable name will help keep you in your customers’ minds.

3. The name differentiates you from the competition
You want to stand out, so you need a company name that sets you apart from the crowd. Of course, you’re not limited to trading under your company name. You could trade under a different name as long as you follow the legal requirements. But it makes life easier if the business name by which your customers know you is the same as the name of your registered company. It should be unique.

So far, so straightforward. But there’s a problem when it comes to deciding on a name. That name might be free in the government’s companies register – but what about the website? For example, if your chosen company name is “The Company” then good luck finding a matching domain name! The most commonplace and obvious names are likely to be already taken.

Turning the naming process on its head

All of this means you need to think differently. Instead of deciding on a company name first, you should begin by investigating what domain name options you actually have. Your website and email addresses are vital forms of contact with customers, so it pays to get the domain name right. You can increase your chances of success by:

· checking what’s already registered using a ‘whois’ service such as who.is or whois.net
· asking your staff, partners and even family to come up with ideas
· searching around words and phrases that are similar to those that describe your company

Once you have some ideas, check for associated domains. Using our generic “The Company” as an example, you might want to register thecompany.co.nz, thecompany.org, thecompany.kiwi, thecompany.nz and maybe others.

Delia Gill, Managing Director of IT Engine, the Wellington-based IT solutions provider, says, “We reviewed of over 200 company names when we renamed our business, we found a bunch of great names but the domain name was always taken. When we finally found a name that worked for us we purchased all the names around it, we have over 25 domains now. It didn’t cost much to register them, and the benefit is that we truly own our brand. Nobody can steal our traffic or our business.”

Bear in mind that if you don’t do this, and if your brand becomes famous, there’s a chance somebody else might register those domains and steal traffic and business from you.

Once you have all the relevant domain names prepared, then you can register your company. But be sure to keep up the domain payments. If they lapse you could lose your website – along with a big chunk of your business.

It’s also important to manage your social media account names – but that’s another blog.

Microsoft World Wide Partner Conference Day 2 – Toronto, Canada

Hello from Toronto – day two.  My poor feet are about to fall off… My step count is counting through the roof (thank you Mr Apple Watch).

This mornings key note was much more detailed.  The Windows Anniversary on the 2nd of August will be bringing some major updates including pen improvement for the Microsoft Surface and Surface Book, I will update you more on this in the next couple of weeks.

There was a huge amount of emphasis on security – with quotes from the FBI director “there are two kinds of companies, those who have been hacked and those that don’t know they have been hacked” …. With end points being the main entry point into a business. MS Windows Hello is starting to address this but we will see more coming out in the next six months.

Microsoft was really excited that Facebook is now an Office 365 customer… VERY excited. Quote from Facebook, “Microsoft is now cool again”. So loads of sessions after the keynote, MS are really great about professional development, so I am learning lots, best session was from Walter Bond on being a better leader.

It was SO hot here today and I think its going to be the same tomorrow.

IMG_3599 IMG_3577 IMG_3578 IMG_3563

Microsoft World Wide Partner Conference Day 1 – Toronto, Canada

IMG_3513

Morning:

Great start to the conference this morning, the usual fanfare of singing and dancing… (ok no dancing this time but great singing).  They do know how to get you in the mood (or as my friend Warrick said “makes you feel good about drinking the Kool Aid”)

 

No major announcements this morning which was a bit disappointing …. Great demonstration on Microsoft HoloLens, this is certainly something that we need to keep an eye on.  They cut the keynote by about a good half hour this morning which was really unusual, however I am not complaining as it has given me more time to a) get to the conference center down the road and b) have a look around all the exhibitors.   Afternoon is going to be full of sessions.

 

Afternoon:

5.30 p.m.   Well that was an afternoon and a half, the conference centre is HUGE…. So getting from one end to the other can be a mission … however with a few pointers from the MS Staff, I managed to get to all my sessions and grab the well needed coffee in between (its not really coffee it just looks like it… really does not taste like it)

 

This afternoon was IOT (internet of things), Productivity in business, and marketing…. Because everyone needs to be reminded to market themselves better.

 

Tomorrow is another fun filled day … I am going to find some dinner 🙂

IMG_3506 IMG_3504 IMG_3503 IMG_3315