Company data loss, whether the result of negligence or bad luck, can lead to financial liability, reputational damage and legal sanctions. Most businesses today understand the value of a robust data backup procedure - including the use of secure online data backup. Few organisations, however, consider the risks of data being exposed to third parties - particularly as a result of laptop loss or theft.

As a small business owner, there are a number of challenges that need to be addressed on a weekly, if not daily, basis. These include obvious concerns such as company finances, winning new business and the effects of the economy, but business owners should also be mindful of security issues that could land them in more serious trouble than they might imagine.

Data loss stories hit the headlines, creating pressure for tighter regulation
High profile data losses have plagued the national news over the last 18 months, meaning data protection policies will be more important than ever to small business owners who want to avoid making headlines for all the wrong reasons.

In an FSA report Richard Thomas, the Information Commissioner, said: "The blunt truth is that all organisations need to take the protection of customer data with the utmost seriousness. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties."

More remote working means more vulnerable data
According to the Office of National Statistics, more than 2.1m people currently work from home and about eight million spend at least some of their working week in the house instead of an office. More data is being carried between meetings and offices on consultants' laptops, meaning the quantity of mobile data is continuing to rise, with highly sensitive data becoming more widely dispersed.

This means that securing office-based data alone is no longer enough to protect a small business against the increasing penalties associated with data loss. Certainly, simply having a ‘policy' that employees should not store data on desktops or laptops is increasingly a weak position. The fact is that a business owner has both a legal and moral responsibility when data is lost or exposed, regardless of stated policy.

Data loss implications for small business owners?
Small business owners should be thinking about the vulnerabilities of their company and customer data on the move and how it might affect them should a loss or theft occur while laptops and PDAs are off site.

Developments in legislation could also mean that, in future, accidental data loss or theft becomes more heavily punishable than ever before and small business owners could face considerable fines and even imprisonment if they leave customer data vulnerable.

Proposals to amend the law to this end were discussed by the House of Lords last year and are now going through the process of settled reviews. Although the proposals are not yet law, this surely indicates the amount of political momentum the subject is gaining and ratified legislation will certainly follow.

Selecting the right technology
Many companies will choose encryption as the preferred method of data protection, but it is worth noting that using an encryption solution can leave company data open to a number of vulnerabilities:

- The encryption can be compromised if user access details are not strict - in simple terms, if the third party can obtain or guess the correct password for the machine, then the encryption can be by-passed.

- Some encryption approaches are hard to deploy and manage, often causing inconvenience for the end user and support overhead for the IT department. In these cases, the solution may be theoretically good, but never effectively implemented. An analogy might be a very secure door lock - that is so difficult to lock/unlock that it is never used!

Data protection action plan to ensure your business is not at risk
It's important to take a holistic view when setting your data protection strategy, rather than rely on either technology or policy alone. The following four steps offer a best practice guide to getting on the right track:

1) Review any existing data protection policies to ensure they are suitably comprehensive.

2) An audit of how employees transport data and how it is managed when it is taken off site can reveal obvious gaps or weaknesses in current guidelines.

3) If your organisation comprises a high number of home workers, or consultants who spend a lot of time outside of the office, it might be worth looking into encryption services which offer a simple and effective way of protecting mobile data. These can ensure that even a laptop left on a train cannot lead to a major security leak.

4) For complete peace-of-mind, there are intelligent encryption services on the market which enable lost or stolen laptops to be secured automatically - either via data deletion or disablement - to ensure data cannot fall into the wrong hands and that the business remains protected at all times.

The right technology for your business model
When it comes to security, each business will have its own requirements, so owners and directors need to ensure they invest in technologies that will fully protect their data based on their specific business model. All customer and company data must be protected to the best of the company's ability or the business owner may well find himself facing unimaginable penalties for negligence.

For more information please visit www.backupdirect.net [1]