How safe is your data?
Electronic data is the lifeblood of most businesses in this connected age. Just think about how much you rely on your data for the smooth and effective running of your business.
Your accounts are probably on a PC, server or in the cloud somewhere. Very few businesses get by with an old-fashioned cashbook these days and even self-employed tradespeople tend to use an accounts app on a phone.
Where are all your client records?
In a card index or in a filing cabinet? Probably not. For most businesses they’re now on a spreadsheet or in a specific software application. How about suppliers’ data, business, employee and payroll data, and even your own business plans? What would happen if someone came along and took all your data away or just made it impossible for you to access?
That’s why we all do regular back-ups and the more enlightened businesses have disaster recovery plans. For those who don’t, the statistics make for scary reading:
- 6% of all PCs suffer an episode of data loss in any given year [1],
- 30% of all businesses suffering a major fire go out of business within a year [2],
- 34% of companies fail to test their backups and of those that do, 77% find failures [3],
- 43% of companies that lose their data fail immediately [3],
- 51% permanently close their doors within 2 years [3],
- 140,000 mechanical hard drives in the USA crash every week [4].
Where is your data?
So, where is your data stored and how safe is it?
Is it safe from accidental deletion and safe from hacking? Is it safe from prying eyes? That is particularly important if you are an innovative business relying on your new ideas and intellectual property (IP) to differentiate you from the competition.
It has even been suggested that the reason the Chinese military has made such dramatic technological advances in the past 10 years is that they hacked the Pentagon years ago and haven’t needed spies conducting industrial espionage: they just log in and copy the latest American military inventions!
So, we all know backing-up data is important but some businesses do and some don’t. Some use tape drives—and if you’re one of them, great—but when was the last time you tested a full data recovery from your tapes?
More and more businesses are turning to the cloud as a place to store backed-up data, but where is the cloud, how secure is your bit of the cloud and how compliant is your cloud storage with UK data protection legislation (including GDPR)?
We know that the UK Data Protection Act is often maligned: we may complain about it and it’s frequently dissed in the media, but the reality is that it has been one of the strongest acts of its type in the world. And from May 2018, GDPR makes the law even stricter (see our blog post GDPR – the key things you need to know).
It’s so strong that it actually prevents the transfer of sensitive data to even the USA unless the recipient company is covered under Safe Harbour legislation which is supposed to ensure that their storage and the way they use data is compliant with UK law.
In October 2015, however, the European Court of Justice decided that Safe Harbour insufficiently protected UK and EU citizens’ data and so it has been declared invalid, presumably because it enabled US companies such as Facebook and Google to self-certify for data privacy requirements.
All this means that moving third-party personal data to storage outside the EU’s borders was essentially made illegal (there are exceptions, but for most businesses compliance would be impossibly complex and expensive). So I refer you back to my previous question: where is your cloud?
Major providers such as Google (Google Docs) and Microsoft (Office 365 and Microsoft OneDrive) can’t tell you where your data is because it’s stored across a global network of data centres; the same goes for Amazon’s cloud services. Other players, such as Box, Dropbox, Mozy and similar, use servers in the EU and the USA but, again, you can’t simply request that your data be stored in the UK or EU; it’s just spread across their data networks.
Bristol IT Company works with leading local legal firms, so we know that the Law Society actually prevents them from using such storage companies: any system that doesn’t allow the physical location of data to be confirmed as within the EU is forbidden to British lawyers. As a consequence, we have our own UK-based datacentre and private cloud storage solution, and it’s available to all our clients.
Our cloud is hosted in our Bristol datacentre so client data is safe and legally compliant, both now and in the future. We use strong encryption too, so even if data was stolen somehow, all the hackers would have is a bunch of zeroes and ones—they wouldn’t be able to see any real data.
1 – The Cost of Lost Data – David M Smith
2 – Chubb Fire
3 – Gartner Group
4 – Mozy Online Backup