Date: 24/05/2016 | By: Matthew Parsons

Information security is a vital part of reducing the risks in your business. Often, the data in your business is one of your most valuable assets and without it, many businesses would struggle to continue trading at the same level.


BizSmart Select Member Matthew Parsons of Surf Tech IT is experienced at working with businesses to ensure their data is secure.

Click here to access his latest webinar, Information Security and Protecting Your Business, he expands on this blog post and discusses the various risks to business data and how these can be mitigated.


Which data needs to be secure in your business?


Any data that is commercially sensitive, or is required to run your business, needs to be protected. Information security also covers sensitive data such as your staff database and human resources files, which must be kept secure.


Data that needs to be secure:

  • Customer information
  • Policies
  • Contracts
  • Staff database
  • Commercially sensitive information (i.e. info that could be of benefit to your competitors)


Your data – a risk assessment


The starting point for information security is to identify the risks to your data. Everything from hardware such as laptops and desktop computers, software such as email and CRM systems and even employees creates risk.


Risks need to be assessed based on the potential threat they could cause to information security, the likelihood of these threats happening and the severity of risk should there be a security breach.


For example, with a laptop, there is a risk of theft. The likelihood of this happening could be given a rating of 2 out of 11, and the severity of this for information security could be rated 5 out of 11. Multiplying these together, the rating is 10, which is classed as high risk.


Once the threat has been identified and assessed, a company can look at introducing controls that reduce the risk, for example having a company policy not to store customer data on laptops. If storing data in this way can’t be avoided, then hard drive encryption may be a better solution to minimise the risk to customer data.


Implementing controls in relation to identified risks allows you to protect the best interests of your business from being compromised in the near future.



For more information on this topic,Click here listen to Matthew Parson’s latest webinar.


BizSmart aims to help SME and micro-business owners scale their businesses and create value through sound practical business support. We aim to give you insight and clarity and fire up your determination to succeed. You can access blogs like this and more besides through our free SmartRoom service here.