Off To See My Lawyer

Data Protection

How safe is the data on your laptop, smartphone….? Do you REALLY know?

Sunday, June 15th, 2014

Virtually everyone is a “data controller” these days in the eyes of the law. You will be gathering personal details via your websites on your contact or newsletter sign-up forms. You will be saving customer details on your PCs and other devices and will therefore very likely be subject to the Data Protection Act requirements. The Act sets out 7 key principles that you must comply with. One of those states the following:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data”

Do you know what that actually entails? Does it mean just having a password on your device or installing a firewall? Do you need to encrypt all data, not allow staff to use their own devices….?

Only recently a staff member used a memory stick in the office and then forgot to take it with them when they left for home. The memory stick vanished and contained lots of sensitive data on children with special needs. The business was fined £80,000 even though the memory stick was never found and, as far as they were aware, the information was never actually used.

We can provide you with the basic tools to tell you what the key legal requirements are and what practical steps you can take from an IT point of view in our forthcoming webinar on 2nd July at 10 am. Do not wait until it is too late.

Protect your data! Copyright Brian Snelson

Beware of the Companies House scam

Monday, June 9th, 2014

I recently filed my Annual Return with Companies House. In case you were not aware or are new to owning a limited company, Annual Returns need to be filed once a year and effectively are a snapshot of the company’s ownership. As a director it is your legal duty to file this document and if you don’t, you may be looking at a nasty fine and even a criminal record! Filing is done easily on-line and you simply pay a fee of £13 to do so. See Companies House guide here for more details.

That aside, having filed mine, I received what I thought was an acknowledgment from Companies House, inviting me to open an attachment with a copy of the Annual Return in it. I am getting wise in my old age and sadly now double check EVERYTHING. Luckily I did, as it was a scam, and had I opened the attachment it would have triggered an awful virus into my system with heaven knows what consequences.

Differences are often hard to spot, as in this case it seemed to be just hyphens, e.g. “web-filing@companies-house.gov.uk” compared to “webfiling@companieshouse.gov.uk”. I understand from Companies House that they never attach zip files, so that is also a good indicator.

Bottom line: be ever so careful with every email and if in doubt, absolutely do NOT open any attachments.

PS Don’t rely on the email addresses I have quoted above as the scammers may have changed them yet again. Companies House have a list of the current scams with pictures of what fake emails look like. See here for more details. What a world we live in…..
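
The two indicators mentioned in this post (a sender domain that differs from the genuine one only by hyphens, and a zip attachment) can also be checked automatically. The following is an added example, not part of the original post; the trusted-domain list, the function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: you keep your own list of sender domains you expect mail from.
TRUSTED_DOMAINS = {"companieshouse.gov.uk"}

# Constructed sample message modelled on the scam described in the post.
SAMPLE = """\
From: Companies House <web-filing@companies-house.gov.uk>
To: director@example.com
Subject: Annual Return received
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached copy of your Annual Return.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="AnnualReturn.zip"

(constructed placeholder, not a real archive)
--b1--
"""

def squash(domain):
    """Drop hyphens so a hyphenated lookalike collapses onto the real name."""
    return domain.lower().replace("-", "")

def check_message(raw):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw)
    warnings = []
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        by_squashed = {squash(d): d for d in TRUSTED_DOMAINS}
        real = by_squashed.get(squash(domain))
        if real:
            warnings.append(f"lookalike sender domain: {domain} imitates {real}")
        else:
            warnings.append(f"untrusted sender domain: {domain}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() == "application/zip":
            warnings.append(f"zip attachment: {name or 'unnamed'}")
    return warnings
```

An exact match on the From address is not proof that a message is genuine, because that header can be forged; this check only catches the lookalike case described above.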

What is bring your own device (BYOD)?

Friday, February 7th, 2014

Many employees now own personal mobile devices (such as tablets, smartphones, laptops or notebook computers) that can be used for business purposes. Businesses are receiving an increasing number of requests to allow employees to use these devices at work.

BYOD benefits

BYOD can bring a number of benefits to businesses, including:

  • Increased flexibility and efficiency in working practices.
  • Improved employee morale and job satisfaction.
  • A reduction in business costs as employees invest in their own devices.

BYOD risks

The boom in BYOD has been matched with an upsurge in activity by criminals trying to exploit the data and intellectual property stored on personal mobile devices. The use of personal mobile devices for business purposes increases the risk of damage to a business’s:

  • IT resources and communications systems.
  • Confidential and proprietary information.
  • Corporate reputation.

Ownership of the device

Personal mobile devices are owned, maintained and supported by the user, rather than the business. This means that a business will have significantly less control over the device than it would normally have over a traditional corporately owned and provided device.

Securing data stored on the device

  • A business is responsible for protecting company data stored on personal mobile devices. Businesses should consider implementing security measures to prevent unauthorised or unlawful access to the business’s systems or company data, for example:
    • Requiring the use of a strong password to secure the device.
    • Using encryption to store data on the device securely.
    • Ensuring that access to the device is locked or data automatically deleted if an incorrect password is inputted too many times.
  • The business should ensure that its employees understand what type of data can be stored on a personal device and which type of data cannot. We can help you draft a social media/BYOD Policy to this end.

Mobile Device Management

Mobile Device Management software allows a business to remotely manage and configure many aspects of personal mobile devices. Typical features include:

  • Automatically locking the device after a period of inactivity.
  • Executing a remote wipe of the device (make sure employees are aware which data might be automatically or remotely deleted and in which circumstances).
  • Preventing the installation of unapproved apps.

Monitoring use of the device

  • If a business wants to monitor employees’ use of personal mobile devices, it must:
    • make its reasons for monitoring clear; and
    • explain the benefits the business expects will be delivered by monitoring (for example, preventing misuse of the device).
  • The business must ensure that monitoring technology remains proportionate and not excessive, especially during periods of personal use (for example, evenings and weekends).

Loss or theft of the device

  • The biggest cause of data loss is still the physical loss of a personal mobile device (for example, through theft or by being left on public transport).
  • Loss or theft of the device could lead to unauthorised or unlawful access to the business’s systems or company data. The business must ensure a process is in place for quickly and effectively revoking access to a device in the event that it is reported lost or stolen.
  • Businesses should consider registering devices with a remote locate and wipe facility to maintain confidentiality of the data in the event of a loss or theft.

Transferring data

  • BYOD arrangements generally involve the transfer of data between the personal mobile device and the business’s systems. This process can present risks, especially where it involves a large volume of sensitive information. Transferring the data via an encrypted channel offers the maximum protection.
  • Employees should be encouraged to avoid using public cloud-based sharing services which have not been fully assessed. Businesses should consider providing guidance to employees on how to assess the security of wi-fi networks (such as those in hotels or cafes).

Departing employees

A business needs to think about how it will manage data held on an employee’s personal mobile device should the employee leave the business.

If you are a business owner and all this talk of data loss has left you wanting to reach for the bottle, maybe you had better throw a party and suggest people “BYOB” (Bring Your Own Bottle!)

Cheers!