Balancing Data Protection and Ease of Access

Nov 2014
3

Balancing Data Protection and Ease of Access

 

Data AccessThe following is a guest post from Mark Dalton of The Tech Lounge

In the modern world, data protection is an issue that is always hanging over our heads. We hear stories every day of leaks and hacking scandals, so it's easy to understand why we would be extra cautious about the security of our information. But if we are too strict about it, we can cut off some channels that need access to that data in order to continue functioning - and cause more problems than we started with. So we need to learn how to balance the need for data protection with access to that data in a way that benefits everyone. This usually means coming up with a system and sticking to it.

Why do we need to protect our data, and how?

Put simply - a company is its data, and a company can't exist without it. That's not just the big things- anything from a simple email to marketing materials, payslips and invoices - are the bricks and mortar of a company. It has taken time and money to build, and it will cost money if it falls into the wrong hands – especially true of the banking sector. This could be anyone from your customers and suppliers to hackers. And this data isn't always in the form of official company paperwork - this is often digital data too, and great care should be taken when deciding who has access to it and what they can do with it. Your security system for data should be a framework to the business, and guidance on how to run things.

Our golden rule here at The Tech Lounge is simple: don't over think it. When they have a security scare a lot of companies will bring in a security company or new business advisor to help tighten things up. But the first thing these advisors will do is implement a long and complicated process, and this can itself be a barrier to getting your data secure, and doing business. As you can imagine this wouldn't go well! So the simple thing to do here is come up with a consistent permissions system, and make sure everyone is aware of it. Think long and hard about who you want accessing what data and where it should go, and label or file everything accordingly. Our preferred method is the traffic light system - Green, Orange and Red.

The Traffic Light System

The great thing about this system is its simplicity. Any data that is essentially 'safe' and you don't mind where it goes is labelled Green, anything a bit risky and suspect is labelled Orange, and anything highly sensitive is Red. All company data is then labelled within this system - whether that's via a Content Management System (CMS), putting passwords on files and folders or physically labelling paper data with green, red and orange dots. It's a clear system that everyone can understand - they know what their passwords unlock or what they are allowed to take from the filing cabinet.

You've then got to think about where that data will live. Using the same labelling system, you can decide where to put the data based on its security. For example if it's green it can be stored anywhere (like the website or the cloud), if it’s orange it can live in the cloud but only under encryption, and if it’s red it must stay internal to the company at all times. See Offsite backup is a minimum requirement article for more info on this.

This system is simple to understand and easy to implement - and the best thing is you probably do it in your everyday life without realising it. Just think about what you are willing to leave on your kitchen table for the whole family to see, what should be in your room and what stays in a safe. The key to achieving the delicate balance between overprotection and major risk being aware of the risks to you and your business, accept and mitigate where you can, and make conscious decisions when you can't.

Author Bio:

Mark Dalton runs The Tech Lounge, an IT consultancy offering IT support to businesses large and small across Hampshire in the UK.

Spice IT Email Post

For more information

Get insights about cloud backup and recovery direct to your inbox every month.
Subscribe to our Newsletter
 
Stay connected to the latest data protection insights – subscribe to our blog.
Subscribe to our blog
 
Got questions for one of our recovery specialists?
Need Answers to your Questions?
 
Print this page
Email this page