10 questions to boost your tech security
What’s the biggest technology security problem that Canadian business owners face? If you said computer hackers, guess again. The biggest problems, by far, come from a company’s own employees. The good news: They’re usually not doing it on purpose.
Most of the security breaches involve accidents:
- an employee mistakenly emailing confidential client information outside the company
- a cashier leaving a customer’s credit card information on a publicly viewable computer screen
- a manager inadvertently deleting important files
Malware can wreak havoc
One of the most common breaches: Accidentally downloading malware—those nasty computer viruses and Trojan horses that can cause mayhem in your computer network. Also very common: Neglecting to back up data regularly.
It’s essential to take the time to educate yourself and your employees about any tech security risks so you can figure out how to protect your company before any data are lost or compromised.
Here’s a checklist for making sure your IT assets are secure.
1. Do you have an IT security policy?
Your security policy should cover acceptable IT use, password guidelines, security practices and procedures for downloading and installing new software. Employees must be regularly informed and trained, if needed, about any changes to your company’s security policy. They also need to understand that their user ID and password must not be shared or disclosed.
2. Have all your cloud providers been evaluated by IT staff?
Choose your cloud service providers wisely. While many have good Internet security, not all of them do. You can be at risk if the provider has poor security, leaving your data vulnerable to an attack. Find out how your business would be protected if your provider has a security problem.
It’s also important to implement specific security procedures to protect your business’s laptops when your employees are working remotely.
3. Is your critical data on a server that is regularly backed up to a remote location?
Identify critical data with help from senior management. Data that needs protecting includes financial and customer information. Then ensure that it is regularly backed up in a place that won’t be affected if your business gets hit by a disaster.
Any data that’s considered important to the business, but not updated frequently, should be backed up semi-regularly off site.
4. Do you have a firewall or intrusion detection systems on all web connections?
A firewall can be hardware or software, or both, and monitors incoming and outgoing network traffic. It decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been a first line of defence in network security for over 25 years.
An intrusion detection system is software that can detect attacks hidden from an ordinary firewall. However, it shouldn’t be used as a replacement for a firewall: it is the combination of both security components that ensures adequate protection.
5. Do all computers have working, updated anti-virus software?
Be sure to keep your business’s computer software updated to keep cybercriminals at bay. You and your employees need to practice safe Internet habits, such as never opening attachments or following links from unknown sources.
6. Are all modem and wireless access connections known and secured?
A poorly secured Wi-Fi system can leave your business vulnerable to a hacker within range of your network. A hacker could gain sensitive information, damage your systems or install ransomware. If you or your employees are using a public Wi-Fi system, you should avoid accessing sensitive information because the network may not be secure.
7. Do contractors and vendors adequately protect your data?
A privacy policy and confidentiality agreement with external vendors will ensure that any information exchanged between your business and external parties is adequately protected and that only authorized personnel have access to your information.
8. Is your customer financial information encrypted?
Hackers and cyber-criminals can use unencrypted customer financial data like credit card numbers, email addresses, and home addresses to commit identity theft and steal your customers’ money. Also make sure the information is accessible only to those who need it within your company.
9. Are paper files kept in locked filing cabinets?
The removal of physical documentation from storage should require your approval. Provide employees with controlled access when they need information.
10. Do you do a periodic audit of your IT security checklist?
Many business owners pay lip service to tech security without investing money in it. Unfortunately, action often gets postponed until an essential computer crashes or systems get infected by a virus. With the growing use of mobile devices, wireless computing and remote workers, the security challenge is growing bigger for entrepreneurs. Do a check of all your IT security measures at least once every six months to safeguard against major attacks or loss of information.
If these processes seem too complicated for your business to handle, you may want to consider hiring outside help.