Evaluating security in a corporation is a difficult task. It’s an intense and continuous process involving technology and proper management. However, it’s absolutely essential to staying alive in today’s business environment. The following 10 commandments should guide the decisions everyone makes about the security of their business. Let’s begin:
Define the policy
The security policy is a document that guides all data security in an organization. It shouldn’t be a one-pager, but it can’t be 100 pages either, or no one will read it. Write it; then present it.
Use security technology
Any network housing secure data (everything about your company and your people) needs to be protected. That means installing the proper security measures, such as a firewall, spam filters, virus protection, etc. The firewall blocks unknown connections to your system, the spam filters block garbage and pop-ups, and the virus protection gets rid of anything that happened to make it through.
Everyone from the CEO to the janitor needs to be aware of how to use the system, how to avoid threats, and what they can do to prevent incidents. Social engineering is becoming more and more difficult to spot, so it would be wise to implement training with examples of malware, email scams, and other things that corporations can face. Numerous high-profile companies like Target and Best Buy were hit in the past couple of years due to poor awareness and poor security measures.
Data is always stored. The question is where. Where are the servers located? Who has access to that physical location? What is your plan in case there is a breach at this location? Even something as simple as the printer can be dangerous. Many printers offer a secure-print feature; turn it on!
Keep your hardware and software up to date. Major providers like Norton, McAfee, and other industry players release frequent updates to their security solutions so that you face less exposure to potential threats. New issues are identified across the globe daily, and fixes are built into each release the company puts out. Make sure you have the latest updates installed as soon as possible.
Everyone is accountable
The tech department is not the only one responsible for the company’s data; everyone is. Provide the proper training and hold everyone in the organization accountable for safeguarding data.
Careful with access
Evaluate who should have what types of access. Top access/administrator rights should be split among the IT leaders so that one person does not have full control of the system. Additionally, system admin access should never be given to the average employee. Carefully review and choose who should see what, and create a policy that you will follow to a T.
Don’t be cheap
Security measures and products are put in place to protect the company. Don’t sacrifice the security of the company because you were too cheap to buy the correct system. Find a product/service that fits your needs and go with it. Do not let money be the factor that causes you to pick a system that’s less than necessary. With a poor system, the risk is a loss of millions of dollars down the road.
Security is continuous
Don’t leave security alone. Security is a continuous process of monitoring how things are going, adjusting, and improving things going forward. Continue to question processes and make them the strongest they can possibly be.
Understand the importance of information security
If you haven’t seen the news recently, you’ve missed one high-profile case after another where the CEO stated “I didn’t think it would happen to me” and the company lost millions of dollars. Security breaches are very real and can happen to anyone. For example, hackers managed to knock out the US government’s Department of Transportation website for a good 15 minutes this past year. The threat is real. Be prepared.
These are the 10 commandments of information security. We hope you enjoyed them. Stay vigilant.