Too many businesses ignore best practices for IT security because they’re strained for resources. In this guest post, Beverly James outlines some low- and no-cost ways to improve security in your organization.
While a strong information security stance will help keep businesses running after data breaches, the real goal is to prevent the attack from happening in the first place.
However, the unfortunate truth is that, until a breach happens and money and confidential data are lost, many businesses don’t take information security seriously. Often, the reason is a lack of resources.
But preventing security attacks — both technical and physical — is critical for protecting the business’s bottom line. Here are some key — and cost-effective — strategies that businesses should have covered in order to minimize the threat of an attack:
One strategy that costs nothing is communication. Data breaches often happen because people do not communicate enough. You should put procedures in place for checking visitor authenticity and access to your business and systems. This could range from asking your staff to have a clear desk policy requiring them to file away papers at the end of the day to asking staff to lock computers when they’re away from their desks.
2. Check on the staff
Be certain that your employees and others throughout the company know where their responsibilities lie, as well as how to recognize attempted hacks and scams. A short period of time out of the normal working day spent training them on these issues can really make a difference.
You should also audit your staff regularly – employees often pose the greatest risk of a security breach. According to ISO 27002’s code of practice, this is a sure-fire way of protecting your business.
3. Protect keys
A common cause of physical break-ins is an employee leaving the company without returning a key. Having several people as key holders is a good idea, as is knowing where all keys are at any time and removing access to technical systems when an employee leaves.
4. Don’t be soft on software
Evolving businesses should always be freshening up their systems with new programs and software initiatives, but they don’t always uninstall old and unused applications quite so quickly. Outdated applications often carry security issues and don’t meet modern-day security requirements. Equally important is installing effective anti-virus programs.
5. Keep servers separate
A frequent security faux pas is that businesses don’t do enough to ensure that any attackers who do crack the system are not welcomed into the very core of the business. Web servers should always be segmented from main file servers for this reason.
The future of information security
To prevent your business from being one of the break-in statistics, make sure you apply the three ‘A’s to your business’s security strategies – authentication, authorization and accountability.
Your authentication procedures should also take a multi-level approach. For example, by using knowledge (such as a password), possession (a key or swipe card) and embodiment (the person’s fingerprints) as levels of security for every member of staff, you can drastically reduce threats to your business.
Remember to take a balanced approach to security. A conglomerate is unlikely to have identical security needs to a sole trader’s café. Above all, communication will help to make sure your security measures are put into place properly.
About the author: Beverly James works for Acumin, an international recruitment specialist offering executive searches in areas such as Penetration Testing, Information Security and Risk Management, Technical Security, and Governance and Compliance. Acumin was established in 1998 and is the host of RANT (Risk and Network Threat Forum), an event which provides regular, informal networking opportunities for senior-level professionals operating in London’s Risk Management and Information Security market. As an international specialist in IT security recruitment, Acumin works with clients across Europe, the UK, and the United States. Find out more at www.acumin.co.uk