Protect Your Business from a Security Crisis
What would you do if your company lost or leaked sensitive client information, intellectual property or access to financial accounts? In the aftermath of a security breach, you may groan and ask, "Why didn't someone do something to protect us from this mess?"
It can happen in an instant with an unsecured laptop, a malware attack, external fraud or internal misuse of company information. And like cleaning up an oil slick, the damage can be difficult to contain. The time and resources needed to recover various assets may be daunting and expensive for any business.
The Risks Are Real
Better protection against IT threats starts with company-wide policies and procedures that address the risks, including:
Online attacks. Define best practices for keeping systems secure with antivirus, anti-spam and anti-spyware software, including instructions to download and install patches to your operating system and Web browser software as soon as they are released. Consider installing Web content filtering software that restricts browsing of inappropriate or risky sites.
Gaps in systems administration. Limit systems administrator access to only those who absolutely need it and create a plan to regularly monitor for unusual activity. Reserve software application downloading capabilities for systems administrators by locking down individual computers.
Weak passwords. Establish rules for strong passwords and require employees to keep passwords confidential. Disable passwords of former employees and reset logins for internal systems and vendor applications, accounts and websites when employees leave the company.
Unacceptable computer use. Establish rules for browsing the Web, using e-mail and social media sites. Set boundaries for using thumb drives and removable devices, as well as laptops used on business trips or at home. Establish a policy for computer use that spells out the risks and consequences of unacceptable computer use.
Third-party security breach. If you outsource your IT infrastructure, ask about the security policies these service providers have in place to make sure they meet your standards.
Put IT in Writing
IT security policies should address the full range of IT-related issues clearly so all employees – not just those on the technology team – understand their roles in keeping the business secure. The policy should include at minimum:
- A summary of the objectives and scope of the policy.
- Roles and responsibilities of individual employees and departments.
- Acceptable use and encryption policies.
- Risk management procedures including access controls and system backups; security awareness and training; and audits.
- Security standards for application service providers to protect against breaches in their networks that could affect yours.
- Disaster recovery.
- Compliance and monitoring procedures.
- Documentation of procedures and disciplinary actions.