Chuck Fields
/ Categories: Blog

How are you protecting your data? Here are 3 questions you need to ask yourself

How to preserve your company’s data

In this podcast episode we discuss how to preserve your company’s data.  That is, your key information on your customers, including not only the basic contact information such as name and address, but also any historical notes you’ve had with them as well as images, photos or documentation. You need to ask yourself these the following three questions to make sure your data is protected:

  1. How is your data stored?
  2. Who has access?
  3. What happens if you need to move it?

1) How is your data stored?

Three possibilities: 1) paper files 2) stored digitally in one computer or file 3) stored digitally but accessible to many  – or perhaps a combination of all of these.

Paper files can be impeccably organized and quick to access, but are extremely vulnerable. Unless you have duplicates stored elsewhere, one flood or fire can destroy your files.

Storing data digitally on a single computer or in files such as Excel or Access, are a better step since these can be backed up regularly. But unless you only have one person access these files they are vulnerable to data duplication or corruption. For instance, if there are multiple copies of your Excel files floating around, with multiple people making separate changes on them (such as updating a contact’s phone number or adding a new contact), then you can easily end up with either duplicated entries or entries that are out of sync with the latest information.

In other cases I’ve seen companies try to share a single Access file with multiple employees. In theory it sounds great but usually the database gets corrupt along the way.

Ideally you should store your data in a relational database that’s accessible to more than a single user. These are ideal—and powerful. Databases such as SQL Server (made by Microsoft) and Oracle are quite popular, and they can grow with you. Relational databases allow access by multiple users and can return query results incredibly fast, some on the order of several per second. These are the power-horses of the trade and while some can be relatively expensive, others such as Microsoft’s SQL Server Express Edition are free and ideal for smaller organizations.

Relational databases are also ideal for web applications or eCommerce sites where thousands of transactions can occur in a short timeframe. They are highly reliable and allow for easy data migration.

But databases like these cannot (or rather should not) be just opened and viewed like an Access or Excel file. Instead, these databases display information via a user interface such as a web application or software which the user has access to.

2) Who has access to your data?

Now if you have paper files that’s pretty easy to control obviously—just lock the file cabinet or the room containing it. And if you’re sharing Excel files you have control (somewhat) over who you give the file too—although once you give it away how can you control who gets it from there?

But if you’re following the best practice and have your data stored in a database then you need to make sure you restrict access. This can be done in a few ways.

On a database level, roles can be created to restrict access. Users can then be assigned to these roles. For instance, you could create a role called “Managers” that allows users in that role to create, edit and delete contacts. You could then create another role called “Employees” that restricts users to only have “Read Access”, that is, they can view contact records, but they cannot add, edit or delete anything.

But roles can also be assigned at the user interface level, such as a website where your employees can login, then, they can access and update data based on their role or roles they’ve been assigned to. So for example, you could have a web site where no one can see anything unless they are logged in. But once they are logged in they can have access to certain parts of your data, such as contacts, where they could easily view information, and if they have the proper role, they can update or add a new contact if needed.

However you need to have a plan in place that removes users from various roles when no longer needed, such as when they leave your company. It’s also important to watch what can be done with your data. For example instead of allowing users to delete data—where it’s gone forever—it’s much better to do what’s called a soft-delete, where data is marked as no longer active but it remains in your system just in case you need to view the history. That’s a much better and safer approach than permitting an employee to accidentally (or deliberately) delete your important data.

So stay on top of who has access to your data, and keep user rights up to date.

3) What happens if you need to move your data?

Perhaps you are changing software or have decided to move your hosted services to another vendor. Eventually you may need to upgrade your database to keep it secure and protected. In either case you need to make sure you don’t lose your data whenever you need to move it.

Now if you own the software or web application and have complete access to the database then exporting data is pretty straightforward.

But if you are using an off-the-shelf software product and plan to move to another one it’s crucial that you to know what you’re getting into. Before you decide to move to another software system, ask if they can import your data into their new system—and make sure your current vendor will export your data—ALL OF IT. The tricky thing here is to make sure you not only get the data that’s yours, but that you can import all of it—or at least most of it—into the new system.

Get absolute clarity on what information will be imported and what will not, before giving in to the bells and whistles of a new system. I’ve seen this time and time again where a new vendor promises the Moon, but downplays the fact that you’ll have to give up your older data since the new system either can’t handle it or they want to charge you an incredible amount. Be careful what you’re risking. If you truly don’t need your older data then you’ll be fine, but if you absolutely feel it’s mission critical then make certain you won’t lose it before agreeing to a new system.

Make sure you’re asking yourself these common-sense questions and follow the best practices for keeping your data safe and within your control.

Previous Article Are voice-enabled wireless speakers like Alexa and Google Home secure? 3 tips to protect your privacy
Next Article Is your website driving away customers? 3 steps to keep them coming back
487 Rate this article: