In this edition

Look after your data

Breaches of data security can have huge repercussions, as HM Revenue & Customs found out when two disks containing the entire child benefit database went missing last autumn.

The incident serves as a reminder of the measures all businesses should take to reduce the risks. Lapses not only damage your business’s reputation but also contravene data protection legislation. These are some of the things you and your staff can do to protect your business data:

Protect computers and data with passwords that are kept secure, not shared and changed regularly. Passwords should not consist of ‘obvious’ words or phrases and should ideally contain a mix of digits, symbols and upper and lower case letters.

Log off computers when not in use.

Store confidential papers securely and shred all confidential waste before disposal.

Position computer screens away from windows to prevent accidental disclosure of information.

All visitors to your premises should be signed in and out.

Encrypt information being taken out of the office or transferred electronically. All portable devices that store information should be protected with approved encryption software.

Carry out identity checks before giving out information over the telephone and limit the amount of information given that way. Make sure staff are alert to callers who could trick them into disclosing confidential data.

Take steps to prevent virus and spyware attacks on your computer systems.

Collect only the personal information about customers and others that you really need and delete anything you no longer need.

Make sure that employees working away from the office, whether at home or on the move, can access your business computer network only with secure passwords. There are several ways of enabling remote computers to connect to your business network, with varying security challenges.

Where employees work at home, their home computers should be equipped with firewalls and regularly updated virus protection software.

Special care should be taken when using laptops in a public place where they could be overlooked.

Most people are aware of the risk of personal identity theft but do you know that a company’s identity can also be stolen? Fraudsters could set up accounts in your company’s name and could even change your company’s registered office address and appoint new directors.

This newsletter is for general information only and is not intended to be advice to any specific person. You are recommended to seek competent professional advice before taking or refraining from taking any action on the basis of the contents of this publication. The newsletter represents our understanding of law and HM Revenue & Customs practice as at January 2008.