“Disaster recovery plan” should be words you’re pretty familiar with saying. Many business owners don’t realize just how much trust they’re putting into the hands of a few members of their business’ IT staff. All it takes is one individual with the appropriate information and a grudge to completely bring your computer system to its knees for an undetermined amount of time. By taking the appropriate steps now, you can help make sure that even the most experienced IT professional can’t do anything to harm everything you’ve worked so hard to build. As a business owner, you have to do place an emphasis on learning how to avoid having your data held hostage.
Encryption keys are a great, efficient way to make sure that your business’s important information is secure – so long as the person holding the encryption keys isn’t the one holding your data hostage. The purpose of the encryption key is to transfer your data into blocks of unintelligible information. The data then cannot be accessed in any type of useable way unless the key is used to switch it back to its original form. In a perfect world, only someone with an encryption key will be able to access and make changes to your business information.
The IT team responsible for managing your business in the digital realm is supposed to hold these keys. If you’re ever forced to let an IT employee who’s responsible for these encryption keys go, you need to make sure to revoke their access to your system. If they have both access to the encryption key after their employment is terminated and an axe to grind, they could potentially access your work system remotely and access all the data contained on it. An ex-employee could also hide your encryption keys, making it next to impossible to access all of your existing data.
One great way to make sure that nobody can hold your data hostage is to perform regular backups at an external or “offsite” location. The purposes for this are twofold. For starters, it’s always important to back up your information offsite in case something happens to your physical business location. Secondly, offsite backups would be impossible for an ex-employee to gain access to and hold for ransom.
Depending on the size of your business, certain backup services allow you to update your backups every time even the smallest change is made. If an ex-employee were to hide your encryption keys or attempt to use those keys to remotely access and change your data, you would still have a fully functional and correct set of backups stored offsite. It goes without saying, however, that access to these backups also needs to be properly managed to avoid a potential catastrophe later on.
Someone who is a trusted employee today may not be held in such high regard tomorrow. Employee and employer relationships can deteriorate overnight, but you shouldn’t let that unfortunate situation take your livelihood along with it. By properly managing who has access to your company’s encryption keys and what they’re doing with those keys, as well as regularly backing up your data offsite, you can make sure that your business’s secure information stays that way.