Sensitive Data Management Guide
Handle sensitive client, business and staff information securely
What you need to do
Understand exactly what types of important information you have in your business and where it is located. Examples of storage locations include:
USB drives
emails
computers / mobile devices
cloud-based solutions such as Dropbox, Google Drive and OneDrive.
To determine what types of important information your business holds and where it is located, you could ask staff for this information by:
conducting a survey with all staff
having a face-to-face meeting with all staff
sending an email to all staff
all of the above, depending on what’s practical for your business.
When you know where you currently have your important information, you can then collate it in central locations.
Spend some time securing all your important information:
Ensure you have secure storage methods for your information. These could include encryption and/or restricting access by managing user account privileges.
Limit storage locations so you can keep track of your information
Make sure staff know where and how to securely store important information
Restrict access to only those staff who need it to do their job
Encrypt important information on laptops, mobile devices and external hard drives
Store hard copies of important information securely in a locked drawer or locked filing cabinet
Implement a secure way of sharing confidential or sensitive information
Helpful guidance
Enabling encryption on your devices:
Apple provides advice about how to set up encryption on Mac devices
Microsoft provides advice about how to set up encryption on Windows devices
Most modern Android and iPhone mobile devices have encryption enabled by default if you have a strong PIN or password. Check your device settings to make sure.
Why is this important?
Your sensitive information could be of value to cyber attackers. Examples of sensitive information include:
customer details or other personal information
employee details
bank account details, credit card numbers or other payment-related information
intellectual property
contracts or sales-related information.
Make sure you store sensitive information securely to limit the chance of anyone accessing or modifying it without your authorisation. A leak of important information could expose your business, customers or partners to significant harm. This may include financial loss, reputational damage and regulatory penalties.