The importance of data in the digitalisation process - how is it managed and protected?

Digitalisation provides a host of tools and processes that are enabling businesses to grow, adapt and better connect with their target customer. Many of these benefits have been derived from the availability of large amounts of data that provide a real-time view of the internal situation of your SME, the market in which it operates and the relationships it establishes with its customers. 

Data is essential for planning projects, getting to know our clients better, analysing different scenarios, refocusing strategies, making predictions... In short, to be able to make solid decisions with greater guarantees of success.  

All the benefits of this data collection, storage and analysis also mean a potential threat to your SME. Because of its importance, cybercriminals attack company platforms to obtain this data in order to make a profit through blackmail or data theft. This not only poses a great operational risk for your SME (an attack can paralyse your business activity for a period of time until the systems are properly restored), but also a reputational risk, as customers tend to lose confidence in the company in such a situation. 

How do you know if your data is protected? 

For data to be considered protected, the National Institute for Cybersecurity (INCIBE) establishes that the following 3 dimensions of security must be respected: 

1. Availability. This means that it must be possible to access information whenever necessary. This principle is disrupted when, for example, a company suffers a ransomware attack, which encrypts information, compromising its availability.

2. Confidentiality. The information must be available only to authorised personnel, preventing external agents from accessing your SME's data or disclosing it in any unauthorised way.

3. Integrity. Data must be correct and truthful. Some attacks focus on making modifications to the information with the aim of producing errors in the organisation. 

Once we know what requirements are met by protected data, a new question arises: how can we guarantee this security? Here are two options that you can introduce in your SME.

1. A firewall 

A firewall guarantees the security of the operations carried out on your SME's network. In this way, your corporate network will be protected against possible external attacks. According to Gartner, the best network security software for SMEs based on user ratings are FortiGate: Next Generation Firewall (NGFW), Next Generation Firewall and Cisco ASA.

2. Cloud storage

In addition to its many advantages, such as cost savings and the availability of information anywhere and at any time, the cloud provides benefits in terms of data protection and security. There are several cloud models depending on their characteristics, although in all of them a server and its security are outsourced to a third party. This outsourcing allows security protocols to be carried out more speedily, as the cloud server is more powerful. In addition, most of them have preventive security solutions, powerful security systems and a great capacity to react in the event of a threat.

Some of the recommendations proposed by INCIBE to guarantee the security of your data when contracting a cloud storage provider are as follows:

• Be aware of the supplier's privacy policy and ensure that it follows established security protocols and guidelines. 
• Determine permitted services.
• Classifying and encrypting information.
• Establish a high level of password security, complemented with other verification systems.
• Have traceability mechanisms so that we know which users have accessed and what changes they have made.
• Ensuring protection against malware.
• Determine permissions policy.
• Establish backups from time to time.
• Ensuring that information is deleted when it is no longer needed. 

Both options increase the security of your SME. If you want to strengthen data protection even further, you could combine the firewall with cloud storage. This would make your SME's data much more secure, without the need to spend a lot of money. However, these are ideas for generic steps that may not always be sufficient and should be assessed on a case-by-case basis, depending on the nature of the data, the details of the specific processing or the potentially applicable risks.

As we have seen, data is a key component in the digital transformation of companies and it is therefore necessary to ensure its security. This protection depends on the degree of sensitivity of the data you work with, how susceptible your company is to cyber-attacks and the investment you can make in security systems. For more information about data protection, we recommend that you read the monograph The importance of data protection (link to the monograph). Don't hesitate any longer and guarantee the security of your SME!