As 2009 draws to a close, I wanted to take a moment and discuss how to make 2010 better. For some, this year has been a nail-biter and for others it has been very profitable. In my dealings this year, I believe that there is one thing that businesses continue to overlook to their detriment…SECURITY.
As in years past, security will continue to be a hot topic. This year has been riddled with data breaches and new legislation. The health care industry is undergoing changes that regardless of the final outcome in Washington, has cast a spot light on the industry. The push for electronic medical records is forcing many to challenge existing security measures.
The most critical security improvements in many companies during the next year will come from within. Security has traditionally meant defending from outside attacks, but with the exponential growth of social media sites, companies must defend from the inside out. Many organizations this year were the victim of internal data loss or leaking. Organizations will begin to more heavily challenge employee’s access to data and how it is shared.
Many small businesses I have met are concerned with security but feel it too expensive. Others simply don’t feel they are a target. In the larger organizations security is a priority but costs have forced some to put off changes until later.
I propose a few changes that can be implemented this year for little or no cost.
1) Renew firewall security services.
These services are vital to protecting your network from would be attackers. Depending on the size of your company this action is very inexpensive and gives a layer of protection you cant afford to be without.
If you are using a off the shelf router such as Linksys to secure your business – ditch it. If you are in business you need a business class device like SonicWALL and others produce.
2) Change your Password!
The majority of people have one password for everything. Even worse, most of them have it written down somewhere. In an office environment, it is NEVER necessary to share your password with someone. If it has been more than 6 months since you last changed your password, do it TODAY. While we are at it, lets also change all wireless and administrative passwords as well.
Also, remember to use a secure password. A good rule of thumb is an 8 character minimal password with upper-case, lower-case, and a special character. Cheap programs like RoboForm can help you keep track of your passwords so you don’t have to write them down as well.
3) Acceptable Use Policies
It may sound simplistic but if you don’t have written policies for computer and internet usage then you are at risk. Clearly explain to users what is an is not acceptable use of computers and company internet access. An employee that installs illegal software can cause your company undesired public scrutiny.
If you haven’t already done so, you should also consider adding a clause that defines appropriate use of information. Employees need to know that sharing information about the company outside of approved channels has consequences. Review and have your employees re-sign your usage policies at least annually.
4) Off Site Backup
Storage space is cheap! If you are still not storing backups remotely as part of your strategy you are in trouble. Services like Mozy give you the ability to save your most critical data even in the event of physical damage or theft.
You need a local copy of data for quick access but remember, you should always have a 3 tier structure for data retention. Online, Near line and Offline. This system allows you to retain control of critical business data and protect yourself regardless of what happens.
I hope these inexpensive thoughts will help you gear up security for the upcoming year. Please leave your comments and let me know what you are doing to secure your data and network.
