SME's are today reliant on IT systems to store vital information. The need to protect this information from fraudsters or competitors is vital.
So if an SME decides to partner with other companies, which might include some information sharing, they need to ensure the partner is as thorough as they are with security.
But according to research from online back-up supplier Mozy, a massive 80% of SMEs do not check if their partners have adequate data security. A total of 56% don't do any checks.
So if you are an SME and you are not checking partners the list below might help.
Top ten tips for checking business credentials of partners, according to Mozy
- Is the company sufficiently insured? Ask to see a certificate of professional indemnity insurance.
- What's the company's credit rating? If the banks don't trust them with credit, you might not want to trust them with your data, either.
- Who owns the information that you're passing to the company? What rights do they have to use that information?
- What sort of security systems do they have in place to protect your information? Ask to see an information security policy.
- What are the chances of the company going bankrupt? Do they have sufficient backing to ensure they can ride out a rough patch? You don't want a supplier going under and leaving you without the support you need.
- Does the company rely on the intellectual assets of a small group of employees and, if so, how do they manage the retention of this intelligence? If only one person understands your business, what happens if they decide to leave?
- Does the company rely on third parties to fulfil any part of its commitment to you? If so, make sure they carried out due diligence on their suppliers, too.
- Where is the company storing the data that it's creating or using on your behalf? Be aware that, if it's stored outside of the EU it may be subject to different laws and access rights.
- Does the company have a disaster-recovery plan? Floods and fires not only devastate lives, they destroy businesses too. Make sure that a natural disaster won't pull the rug from under your company.
- Does the company have a data backup strategy that works? 60% of companies would go bankrupt in 48 hours if they lost their data. If you rely on services and information from a supplier, make sure they have up-to-date copies of your data stored offsite.
Subscribe to blog feed
Checking out your partner’s security credentials is something that all companies should be doing by second nature, and it is very surprising to see that more than half of companies don’t seem to be doing any checks at all.
Managing and protecting both customer and internal data should be the number one priority for businesses. However, while most companies continue to invest in security measures such as those mentioned in the list by backup company Mozy, sometimes less obvious threats are often overlooked.
Every day, businesses use Multi Functional Devices (MFDs) to print, copy, fax and scan to email so that they can view, share and save data. While this certainly enables staff to be more productive within the workplace, much more data is now being stored on these devices than when standalone printers or copiers were used just for simple tasks.
The office copier of old is now effectively a PC server with print functionality as an integral feature and to fulfil their role as document management devices, they need hard drives which store data.
This is where some organisations are missing a key security threat. Many IT managers may not be aware of the capabilities of an MFD and the quantity of potentially sensitive data that it holds. This information in the wrong hands could be devastating for your organisation with serious financial or legal (compliance) ramifications, not to mention the damage to your organisation’s reputation.
Therefore, to add to the check list above, it is also vital that an organisation makes sure that its business partner or supplier also takes responsibility for protecting data on MFDs. Data needs to be protected on a daily basis as it passes through an MFD, either through data over-write after each job, or the use of hard disk encryption. What’s more, if an organisation does retire an old MFD, or returns one back to the provider, it is vital that businesses make sure that either you or the provider wipes the data, or even physically removes the HDD.
Without this level of protection, your business is at risk. To be safe, just make sure that when a printer is re-sold or sent for recycling that all the data on the hard drive is wiped. It’s as simple as that and there are numerous physical and software solutions that can be used to guarantee this happens
Trevor Dodsworth, Head of Product Marketing, Business to Business, Canon UK