Article
Four Small Mistakes That Could Compromise The Security Of Your Small BusinessAnita Ginsburg
With so many high-profile security breaches in the news, it is no surprise small business owners might begin to wonder if they aren't next. For some of those entrepreneurs, even having an advanced degree in computer science isn't going to help them avoid those security problems either, because security is no longer just a matter of installing a firewall and avoiding e-mail chain letters. What can be done by the average small business owner to avoid security problems day to day? Password Policy Make it clear to every employee they are not to share their password with anyone, ever, for any reason. The only time they should even consider it is if they are directly ordered to divulge that information by a judge in open court with the company attorney giving them permission. Even an old password can give an attacker a pattern they might need to dramatically reduce the possible letter and number combinations necessary to break in to your systems. Lock and Key If your company has any physical premises, every door, window and storage device should have a fire-marshal approved physical lock with a physical key in the hands of the closest employee and a labeled duplicate stored in the safe. While this might seem like over-securing the office, the truth is one misplaced stack of documents can be all it takes to trigger a medium-sized legal nightmare. When in doubt, lock it. Cold Password This is a rather obscure policy, but it can help prevent something called "social engineering" from victimizing your employees. Anyone who asks a "sensitive question" regarding your company's security should be authorized to get an answer. The way to do this is to have a set of "cold passwords." These are words that are known to the company employees but to nobody else. This way, if someone is authorized to obtain security information from an employee, they will know today's password because someone with managerial authority gave it to them. If they don't know the password, then they aren't authorized and should not be given the information. Document Storage This policy can dovetail with your policy of shredding unnecessary documents, provided you have criteria for determining what should and should not be held in document storage. Every company has important information they need to secure. It’s important to identify those important records and provide solutions on how to keep them safe and well-organized. For documents that don’t need saved anymore, it’s important to dispose of them properly so you don’t compromise sensitive information. Companies like Vital Records Control can help get rid of sensitive documents safely. So many of these options are inexpensive enough they shouldn't require a second thought. Taking chances with security is never worth it. Follow these simple tips to protect your business. |
Print
RSS
Feedback
Submit Article
 Add comment
(Comments: 0) |
