|
The Verse - Volume 13
return
Tech Tips - IT Security for the Small Business
What do you think would happen if your company lost all of the files on your server? What if your number one competitor acquires access to your customer database? Or maybe your accounts receivable are suddenly scrambled beyond comprehension?
While these scenarios are the stuff of the small business owner’s nightmares, they are by no means impossible. We all know about viruses, but they aren’t the only threat to your information technology (IT) security. Natural disasters like floods or lightning, fire, employee theft or sabotage and just plain old accidents can cause tremendous damage to your company’s data and for that matter, your company.
OK, OK, enough of the scary stuff, let’s get to how you minimize your exposure to these IT security threats. By focusing on some simple guidelines in the way your company deals with people, policies and procedures and your technology and systems, you can greatly improve your IT security.
People
The old adage is that our people are our most important asset. The reality is that sometimes when it comes to IT security, they can be our greatest liability. Most information loss and theft comes from internal sources such as disgruntled current or former employees, rather than the “hackers” we would assume are the biggest threats.
Creating a corporate culture that protects your information will improve your IT security while it improves your entire organization. Background checks and ethics screening should be performed with all applicants. New hires should sign a privacy, non-disclosure and acceptable use agreement, so they know what's expected of them. The acceptable use policy should make it clear that company equipment is for company use only -- no personal e-mail, Web surfing, file-sharing, etc. This also makes it easier to detect when employees use information in an unauthorized manner.
Also, make it clear to all employees how theft or loss of information hurts the business and everyone in it.
Policies and Procedures
As in every area of your business, good procedures are essential for effective IT security. One of the easiest ways to protect your company is to destroy old information, both the electronic and paper variety. Create a policy for destroying old information on a scheduled basis. You should also organize your information and store it in a central location to improve workflow and ensure that data is backed up.
Create and use a password policy including regular password changes. This prevents an ex-employee accessing your systems with an old password, often a password of one of their ex-coworkers.
Audit your IT systems on a regular basis, once every year or two. Using outdated technology can make it difficult or even impossible to recover from a disaster. Also, failures in old hardware are almost always harder to repair or replace.
Regularly backup your data and store backups off-site. In case of fire or theft, you don't want your backup lost with your original. You can even schedule a regular pickup with a courier service to ensures that your backup goes offsite and is stored in a secure environment, rather than in the glove compartment of your car. The summer sun can do a number on a backup tape!
Remember to test your backups once a month. Having data backed up won't do you any good if you can't use it.
Technology and Systems
Use technology that can help keep you more secure. Use an encryption software to encrypt all of your sensitive data, especially on laptops. A password on a laptop can be deleted or reset in a matter of minutes, laying bare all your data.
For old computer equipment, use a program that deletes all of the information on the hard drive before disposal. Just erasing the data does not make it fully inaccessible.
Install virus protection and keep it current. Run a periodic scan of your complete system.
Secure your wireless networks – both your wireless access points and your computer.
If you use information, there will always be security risks. By following these tips, you can greatly reduce the chances of theft or disaster and protect your information.
|
