Your IT system, and the information it holds, is valuable. There is a security risk in simply using a computer to process business data. Once connected to the internet, that risk increases significantly. However, with some key precautions, you can keep that data safe.
This briefing covers:
Some spyware is more dangerous and may record information you enter online. For instance, it may note your online banking login details, and send them to fraudsters who can then clean out your account.
Your security will not work unless you set up good procedures and follow them.
Assign clear responsibility for security.
For example, you can buy separate virus and firewall packages.
For example, software which allows external access to your network.
You reduce security threats by controlling access to your systems.
For example, only those in the HR department should be able to view employee records.
They should be longer than eight characters and use upper and lower case letters, numbers and symbols.
For instance, do not let employees write their passwords down.
You may want to set them to expire every month so users are forced to change them.
Promptly remove the accounts of former employees.
Your IT administrator or supplier can advise on security measures.
Without backups, any loss of your business data could be disastrous.
They can be very convenient, but ensure the backup company is trustworthy.
Appoint a deputy to cover for their absence.
Microsoft Windows includes a basic backup application.
For example, what would you do if both your system and your backups became infected by a virus?
If you lack in-house expertise, ask your IT supplier for assistance, or bring in a security consultant.
You should take precautions to secure your hardware from theft and physical damage.
Keep all servers off the floor in case of flooding.
For instance, issue employees with plain laptop bags or sleeves, rather than prominent branded bags.
Instead, keep it on your server.
This ensures thieves will be unable to access the data if they steal the machine.
If you have to do this, ensure the data has been encrypted first.
Deliberately or accidentally an employee may:
For example, using another employee's password to save time.
Include computer security training in your induction sessions.