How do you manage your IT security?

Whether you are running an enterprise or a small business, you need to manage your IT security, and to do that you need to understand what the risks are and how best to mitigate them.


Step one, and probably the easiest of all, is to ensure your hardware is secure. Can someone break into your office, pick up your server and leave town? Consider who actually has access to the server and, ideally, locate it in a secure environment. Do you want your cleaner to have access to your server? Probably not, so lock it up.


Then you need to look at what information you have and where it’s actually located. Understand who has access to this information, what permissions (if any) are in place, and whether the security controls are appropriate relative to the level of risk. If you are unsure, get your IT people to do an audit. Then it’s simply a matter of putting the access controls in place.


Next is to ensure that you have a backup of all your data and to confirm that it actually works. How often you back up does depend somewhat on the size of the organisation, but it is simple enough to work out.

What will be the impact on your business if you have to rely on a backup from a week, a month or 6 months ago? Doing a backup these days is pretty simple, so my advice is to do it daily. Then, if the worst happens (a virus attack, fire, theft, a willful act by a disgruntled employee, or something equally devastating), the worst outcome is a restore of yesterday’s data.


With backups in place, it is equally important to test them periodically to ensure they actually work and you can recover the information when needed.


One of the biggest threats to business now is virus and malware attacks in all their skullduggerous forms. According to an article in PC Week, Panda Security state that,

"20 percent of all of the malware that's ever existed was created in 2013. That’s the equivalent of 30 million new malware threats in one year, or about 82,000 per day."

So, attacks are arguably your biggest threat to business continuity and you must have up-to-date protection in place. It is a specialised area, but any protection is better than no protection.


Finally, something to consider when you buy new PCs or laptops: what happens to the information on the old ones? Don’t just let them go out the door without ensuring the hard drives have been completely cleaned of data. There are various data erasure methods, from a simple format of the hard drive to specialised software designed for the purpose. Again, it is a matter of managing risk to decide what level of security you need, but of course, if you want some exercise, pull the drives out of the machine and drill holes in them.

Importantly, put a plan in place today, before you need it!

Date posted: 11 September 2014
Authored by: Brett Norton