Is Your Laptop Secure?



After focusing last month on the importance of mobile phone security, I received a number of emails asking about securing laptop computers. By 2011, according to market intelligence firm IDC, laptops will represent 66% of corporate purchases, with 71% of consumers opting for a notebook instead of a tower PC. In response to those who contacted me, and for anyone considering buying a laptop, here are my safekeeping recommendations.

LAPTOP SECURITY
Many office workers who have to be mobile are opting to replace their desktop system with a laptop. An average laptop has an impressive hard-drive capacity and can store a huge amount of sensitive and important data. Laptop security is, therefore, crucial.  The following tips on keeping laptops safe and secure apply to those with Windows-based software.

Encrypt Your Laptop
Entering a password to access or log into a laptop does not mean its data is safe.  Far from it.  The initial log-in can easily be circumvented, or the drive removed and accessed via a different device.   My suggestion is to use a program called TrueCrypt which creates and runs hidden system-wide encryption. It is easy to use, and free for commercial use.

Anti Virus Software
Maintaining up-to-date Anti Virus software on your laptop is vital so I recommend installing the following two programs: 
  1. NOD32. This is a low cost business-strength security product providing integrated, real-time protection against spyware, adware, viruses, worms, trojans, phishing, hackers, etc. 
  2. Windows Defender if you are using Windows XP. Windows Defender is compatible with all Microsoft certified Anti Virus software including NOD32. Anyone using Vista and Windows 7 will already have Windows Defender. 

Back-up Your Data
Laptops are light and portable and easier to lose than PCs, so backing up your data should be instinctive. New laptop users should consider online systems such as HumYo which, once installed, automatically backs up your data securely and safely while you work.

Using Wi-Fi Safely
Be cautious when connecting to public Wi-Fi hotspots. Some access points may be set up maliciously in order to collect data as you surf the internet. To avoid such risks, connect only to access points you recognize. You should also enable your laptop’s built-in Windows Firewall.
 

Further Action
Devise your own laptop security best practice routine by checking for updates regularly. Protect your laptop when on the move in an easily identifiable case. When not in use, store it in the same place away from any temperature extremes and electrical fields. Last but not least, don’t forget to insure it.

Mobile Phone Data Security


Mobile phones make life very easy on the one hand, and very difficult on the other. Here's why.

A study by TAXI, the magazine for the Licensed Taxi Drivers Association, revealed that during a six-month period a staggering 63,135 mobile phones were mistakenly left in London cabs.  If they contained customer data and information that was not secure, then their owners could find themselves in breach of the Data Protection Act.

MOBILE PHONE DATA SECURITY

Mobile phones are common tools of the trade now for many businesses. However, in recent years these devices have become much more sophisticated. Many have the capacity to store over one million emails, as well as contact details of an entire customer base and other sensitive information, such as Word documents and spreadsheets.

Awareness
Think how important the data on your mobile phone is.  Be aware, too, that if your employees are equipped with a company mobile phone, they must similarly be conscious of the importance of any stored information and contact details.  We strongly recommend that you look at your own mobile device security strategy, and that of your company. 

Precautions
As a first step you should note down your mobile device’s IMEI (International Mobile Equipment Identity) number. This is often found underneath the battery and your mobile provider will require it when you report the loss or theft of your mobile.  This should be a mandatory safety measure for all staff with company mobiles.

Seven Steps to Take
Here are some of the other things you should consider in formulating your mobile security strategy:
  • Enable the “Automatic Lock” function on your device, and set the lock period to the minimum time
  • Enable the “Require PIN” function or, if the option is available, the option to lock the device on SIM card removal
  • If you use memory cards, enable the “Encrypt External Storage” option if supported by your device
  • Only store essential names, numbers and documents on your mobile phone
  • Check with your mobile provider if your device supports “Remote Wipe”, and know how to implement this
  • Keep your mobile provider’s number handy as they can disable your phone when you give them your IMEI 
  • Be prepared to notify the Information Commissioner and your customers if a mobile device with customer data is lost/stolen

Further Action
There may be other things specific to your business that you need to think about, and you may need to create a workplace policy to ensure all staff are aware of the implications of storing data on mobile devices.

New Year Resolutions


A Happy New Year to you. Returning to work after the festive break is always challenging for two reasons. Firstly, there are the tasks to face that were postponed until after the holidays. Secondly, this is traditionally the time for evaluating business systems to identify where any weaknesses lie, and where improvements can be made for this year's trading.

In an effort to kick-start the new business year in a positive way, we are highlighting some past Newsletter topics that proved a hit with readers. This first Newsletter of 2009 is, therefore, an aide-mémoire as a helpful checklist when assessing your internal processes, together with our suggestions for good resolutions.

Tidy up your Inbox

Get to grips with your email inbox now before the influx of new messages develops into a rising flood. By ridding yourself of old email habits and managing your inbox more effectively, you could save hours every week. To find out how to do this, read our Managing Your Inbox article.

Legalise Your Website

Your website may be bringing you new business but does it comply with all the relevant legislation? Two of our popular articles will assist you in giving your website a quick and easy legal check-up. These are:

  • Your Website and the DPA: This article will help you recognise how your website could be breaching the Data Protection Act.
  • Privacy Policies: This article explains how you can ensure your website visitors understand how you use their data.

Invest in Expertise

In the current economic climate it is tempting to think of cost cutting, but avoid short term savings at the expense of long term business. Out-sourcing can be a wise and economic way to benefit from professional help not available in-house. Bringing in experts can introduce you to exploring and adopting new added value services to boost your business, while also allowing you to get on with what you do best - running your business.

Accept Free Offers

Many companies offer a period of free consultancy. These offers, especially from independent businesses, can be worth taking up. We at AGUK Solutions Limited have always been happy to operate in this way. We know such a service has proved genuinely beneficial, in turn bringing us new clients in a win-win situation.

If you have any internet related project already running, or in planning, we can help you. Our initial meeting with any client, as mentioned above, is without charge and obligation. Why not see what we can do for you?

Sign up to Seminars

Taking time out of the office for a concentrated one-off business seminar is a fast way to learn from the professionals. AGUK Solutions Limited announced its new seminar programme last month and we are delighted some readers have registered interest. Subjects we will be concentrating on include everything you need to know about email; how to trade online; and getting a return from your website investment.

Seminar places are limited so to register your interest, please click here to subscribe to our mailing list.

 

Privacy Policies


Following recent media coverage about organisations handling personal data, now is a good time to focus on the issue of privacy. This month we explain why a privacy policy is important to your online presence. Having one in force shows a duty of care to your website visitors and customers. So, does your website have a privacy policy and if not, why not?

Their Purpose

A privacy policy is much more than another page of text on your website. As with any policy, it has significant meaning and a role to play. Its primary purpose is to explain fully and clearly how customer data will be:

  • collected
  • secured
  • stored
  • used
  • shared

It represents a legally binding agreement between you and your site visitors, with responsibilities on both sides. If it does not cover your terms and conditions, these should be displayed elsewhere on your website.  

A meaningful privacy policy will demonstrate that you respect and protect the privacy of your website visitors and customers. Convince them their privacy is protected and they will be more inclined to trust in you and your business.  

Policy Users

If you have a personal website you do not need a privacy policy. If you are a sole trader and your website is a commercial venture, then you do. All SMEs, limited companies, businesses and organisations with an internet presence need a privacy policy.

As a business, regardless of size and sector, you have certain obligations under the Data Protection Act (DPA) to ensure your customers and site visitors know and understand what you are doing with any data collected about them. 

Even if your website does not sell products online, it should still display a privacy policy. This is because, even without realising it, you may still be collecting information about your website visitors. We covered this point in an earlier Newsletter entitled “Your Website and the DPA”.

Policy Requirements

First and foremost, a privacy policy should explain clearly and concisely what data you will collect and hold about the individuals who visit your site, and/or the products and services they use.  

Your privacy policy should be specific about (a) the information you collect, (b) how you gather the data, and (c) what you use it for. As an example, please take a look at our privacy policy. If you do not have a policy in place, you may need to perform an audit of your processes to verify the type of data you collect, and how it is handled. Such an audit may reveal previously unknown data collection and retention.

It is important to ensure that your privacy policy is comprehensive, accurate and truthful. It should be in plain English, easy to read and understand. Don’t forget, how your privacy policy is worded will have a positive or negative impact on its readers, influencing their decision on whether or not to use your website.  

 

Your Website and the DPA


Is your website breaking the law? Are you aware of the Data Protection Act (DPA) and its implications? This month's AGUK Newsletter covers these important points, and provides tips on staying within the law.

Data Protection Act 1998

Anyone handling personal information via a computer system or network must comply with the Data Protection Act. It is the law.  This Newsletter cannot cover the DPA's set of principles comprehensively and looks only at its impact on your website. 

Website Compliance

Ensuring your website complies with the DPA need not be complex or expensive. To check your current level of compliance, use our checklist.

Compliance Checklist

  • Do you ask customers/clients for personal information? If so, is it gathered and processed in a secure way?
  • Is the information you amass from visitors to your website considered reasonable and justified?  Or do you collect more information than you need, or your visitors expect to provide?
  • Who has access to the information collated?  Is any of it sensitive?

Sensitive Data

Even if you are unaware of it, your website - like most websites - may store data considered as sensitive. It is held in "log files". These contain information about each visitor to your website and can include:

  • Their IP address and geographical location
  • Details of the site they were on previously
  • The pages they visit on your site, and in what order
  • Facts about their own computer including its name, and possibly the login username

The most sensitive, and potentially the most damaging, item is the last. While some internet users have security safeguards to prevent revealing such details, others do not. Some web surfers may even have called their computer by their own name. That, coupled with the potential geographical data, could be deemed under DPA regulations as processing personal information.
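
The following is an added example, not part of the original newsletter: it checks web server log entries for the items listed above and produces a reduced copy for storage. It assumes the Apache/NGINX "combined" log format, which the article does not name; the sample entries, the function name audit_line and the truncation choices are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed format: Apache/NGINX "combined" access log (the article names none).
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# Constructed sample entries: documentation addresses and invented names.
SAMPLE_LOG = [
    '203.0.113.45 - - [12/Jan/2009:10:15:32 +0000] "GET /contact.html HTTP/1.1" '
    '200 5120 "http://search.example/?q=jane+smith+solicitor" "Mozilla/4.0"',
    'janes-pc.isp.example - jsmith [12/Jan/2009:10:16:02 +0000] '
    '"GET /members/ HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
]

def audit_line(line):
    """Return (personal-data findings, minimised copy) for one log entry."""
    m = LINE_RE.match(line)
    if m is None:
        return ["unparsed"], None
    f = m.groupdict()
    findings = []
    try:
        ip = ipaddress.ip_address(f["host"])
        findings.append("ip_address")
        # Assumed retention choice: keep only the network part (/24 or /48).
        prefix = 24 if ip.version == 4 else 48
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        host = str(net.network_address)
    except ValueError:
        findings.append("computer_name")  # server logged a resolved hostname
        host = "-"
    if f["ident"] != "-" or f["user"] != "-":
        findings.append("login_username")
    referer = f["referer"]
    if referer not in ("-", ""):
        findings.append("previous_site")
        parts = urlsplit(referer)
        referer = f"{parts.scheme}://{parts.netloc}/"  # drop path and query
    minimised = (f'{host} - - [{f["time"]}] "{f["request"]}" {f["status"]} '
                 f'{f["size"]} "{referer}" "{f["agent"]}"')
    return findings, minimised

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(audit_line(entry))
```

The pages visited and their order remain in the reduced copy, so it can still be used for ordinary site statistics.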

Website Location

Did you know the location of a website could result in breaching the DPA? 

It is not uncommon for websites to be hosted outside the UK, and even as far away as the USA.  In this situation you could be collecting data and transporting it to and from a foreign country. This is an important point.

There is nothing wrong with hosting your website outside the UK provided you: (1) tell your customers and (2) ensure your DPA notification states you transfer data worldwide. You must also still apply the same DPA principles as if the data were handled within the UK.