Data loss can spell disaster for any organization, particularly if the data ends up in the wrong hands. As such, no company can be too vigilant when it comes to protecting its digital assets. Contrary to popular belief, smaller businesses are actually hackers' favorite targets. Small companies represent something of a sweet spot between consumers, who have smaller financial resources, and large enterprises, which typically invest in highly expensive state-of-the-art security systems. Even the smallest businesses that handle sensitive data should therefore have the following security policies in place.
1. Mobile Security
When working on the road, your data is at an increased risk of falling into the wrong hands. The same applies to companies with bring-your-own-device (BYOD) policies and those that let their employees work from home on occasion. Public wireless networks in particular present a significant risk, since snoopers can listen in on the digital traffic between the Internet-enabled device and the local router. Every company should have a strict mobile security policy in place, and any devices used outside of the workplace should always be protected by a virtual private network (VPN) or other encryption methods when connecting to public Wi-Fi networks.
2. Limited Access Rights
There's rarely any reason to give your employees full access to your company's IT resources. Even if data sabotage is not intentional, full access rights present a whole array of potential problems, from malicious software to users unwittingly tampering with important system settings. Windows and all other mainstream desktop and mobile operating systems allow you to set up limited user accounts that prevent people from installing unwanted software or changing advanced system settings. Only network administrators should have full access, since only they should be responsible for system updates and maintenance. Even the CEO shouldn't log in under an account that has full administrative access. That way, if the CEO's account is compromised, the malware or hacker that compromised it doesn't have access to the entire company's programs and data.
3. Acceptable Use Policies
Every company should have an acceptable use policy when it comes to allowing its employees access to any of its digital resources, be they local or remote. Some companies are so strict when it comes to the use of their IT resources that they ban any non-work-related websites outright. However, such draconian measures are rarely necessary and would likely have a detrimental effect on staff morale. Nonetheless, it is important for both data integrity and productivity in the workplace to lay down some ground rules and make sure they're enforced. You may also want to use monitoring software to ensure people are following these rules.
4. Data Backup
Thanks to the extensive range of data backup and synchronization solutions available, there is no excuse for having only one copy of important data. As such, many companies are migrating to the cloud for a considerable portion of their data management. It's never a bad idea to keep local backups of important digital resources as well. For example, you can configure RAID setups on servers to ensure that duplicate copies of all data are stored across multiple devices at all times. In a RAID setup, if one disk fails, a redundant one will still hold a backup of all of the data.
5. Password Policies
Your company's password policy is one of the most important security aspects of all. A strong password can prevent access by even the most determined of hackers. Combined with a powerful data encryption solution, passwords help you lock down your sensitive digital data resources quite effectively. The strongest passwords, which are impossible to hack using even the most powerful supercomputers, typically follow the 8+3 rule. These passwords consist of at least eight characters including at least three of the following four items:
- Uppercase letters
- Lowercase letters
Additionally, no passwords should contain personal information or dictionary words, and each one should be completely unique.
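The 8+3 rule and the extra conditions above, written as a checker. This is an added example, not part of the original article; the word list and sample passwords are constructed, and digits and symbols are assumed to be the two character classes the list above does not show.

```python
import re

# Constructed sample word list (assumption); a real deployment needs a far larger one.
DICTIONARY = {"password", "welcome", "dragon", "summer", "indigo"}
MIN_LENGTH = 8    # the "8" in 8+3
MIN_CLASSES = 3   # the "3" in 8+3

# Four character classes. The article's list shows only the first two;
# digits and symbols are assumed here as the remaining two.
CLASSES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Undo common substitutions so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans("@40135$7", "aaoiesst")


def check_password(candidate, personal_info=()):
    """Return a list of policy violations; an empty list means it passes.

    Uniqueness across accounts cannot be judged from one password alone,
    so it is not checked here.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    present = [name for name, rx in CLASSES.items() if rx.search(candidate)]
    if len(present) < MIN_CLASSES:
        problems.append("fewer than 3 of the 4 character classes")
    # Normalise case and substitutions, then keep letters only for word matching.
    letters = re.sub(r"[^a-z]", "", candidate.lower().translate(LEET))
    if any(word in letters for word in DICTIONARY):
        problems.append("contains a dictionary word")
    lowered = candidate.lower()
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Password1", "P@ssw0rd!", "abcdefgh", "tR9#vQ2m!Lx"):
        print(pw, "->", check_password(pw) or "ok")
```

Password1 and P@ssw0rd! both satisfy 8+3 yet are rejected by the dictionary check, which is why the composition rule on its own is not sufficient.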
Having IT security policies in place is only effective if you intend to enforce them strictly. You'll need to educate your team to be vigilant online and respect the integrity of your company's data. If you're not confident that you can adequately draw up and maintain such policies, INDIGEX can help. We have great ways to help you establish and enforce your company's security policies.