Good practice security checklist
The most pressing information technology security problem facing business owners is not computer hackers – the majority of security breaches actually come from a company’s own employees. To help combat this we have developed a security checklist.
Your users are usually not doing it on purpose, though: most breaches are accidents, such as an employee mistakenly emailing confidential client information outside the company, a cashier leaving a customer’s credit card information on a publicly viewable terminal, or someone inadvertently deleting important files.
Downloaded breaches (DLP violations)
One of the most common breaches is accidentally downloading malware: those nasty little computer viruses and Trojan horses that can cause mayhem in your computer network.
Evaluate your technology security
IT security doesn’t have to be sporadic and piecemeal.
Ideally, you should regularly evaluate your IT security as part of a larger review of all your systems. The idea is to make sure your tech gear and processes aren’t out of step with your business strategy.
1. Strategy and human resources policies
- Does your company have a clear security policy that’s known to staff?
- Have you defined a policy on acceptable use, password guidelines and security practices?
- Do you have confidentiality agreements for contractors and vendors?
2. Data backup
- For critical data (this is anything needed in day-to-day operations, including customer information), do you centralise it on a server and back it up nightly to a remote location?
- For important data (anything important to the business but that doesn’t get updated frequently), do you centralise it on a server and back it up semi-regularly off-site?
3. Desktop security
- Do all computers have working anti-virus software?
- Have you got a security policy for downloading and installing new software?
- Are your passwords set with a minimum of eight alphanumeric characters, and are they changed every 90 days?
- Can you state that all your computers are updated with the latest system updates and security patches?
4. Internet and network security
- Do you have a firewall and intrusion detection on all web connections?
- Are you using a virtual private network (VPN) for remote access?
- Have you reviewed all known modem and wireless access connections and ensured they are secured?
5. Privacy and sensitive information
- Is customer financial information encrypted and accessible only to those who need it?
- Are paper files kept in locked filing cabinets with controlled access?
- Do you do a periodic audit (every six months at least) of your security checklist?