Gaining Security Peace of Mind with Just 10 Minutes a Day

June 4, 2009

50 minutes a week – that’s how much time your business needs to devote to your information technology security.

That’s all you need: just 10 minutes a day to ensure that you can protect your business.

But before I continue, I just want to dispel one big myth. There is no security tool that will provide you with 100% protection.

However, with what I’m about to tell you, you can put some simple processes into place that can minimise any potential problem.

Applying some simple steps to secure your key systems and data is just common sense. You wouldn’t leave the front door to your home open when no one is there. You wouldn’t leave your car unlocked in a public car park. You wouldn’t leave your credit cards lying around in a restaurant and just walk out.

Securing your business is easy and it definitely doesn’t have to be expensive. In fact, all you need is to find the right balance between protecting your business interests and the resources needed to accomplish the work.

But any small business is time constrained; spending time away from your core business is unproductive and usually costly.

Have you heard of the 80-20 principle? The Pareto principle (also known as the 80-20 principle) states that, for many events, roughly 80% of the effects come from 20% of the causes; 80% of your sales come from 20% of your clients.

Any business can apply the 80-20 principle to ensure greater security with the least amount of effort.

Your 10 Minute Daily Routine

Step 1: Make sure your workstations, laptops and other devices have the latest anti-virus protection. Make it easier by using a management program that shows you which workstations are up to date and which aren’t. Use the anti-virus management program to manage the distribution of the latest updates.


Step 2: Make sure all your systems are updated with the latest patches. Once again, use management systems to manage this process.

Step 3: Review your backup and make sure that your backup process worked. These days, you can get daily alerts for backup activity. Once every three months, run a test restore to make sure that your backup works.

Step 4: Either switch off or lock all workstations. There is no reason to allow users within your business free access to other machines. This minimises data theft and unwarranted software installs. Also control what USB-capable devices are plugged into workstations and servers; there should be no reason for non-company-owned devices to be plugged into company workstations and servers.

Step 5: Never leave personal information such as passwords, PIN numbers or other identification lying around on the desk.

Here are two more steps that every user within your organisation can take to help your business create a stronger culture of security awareness:

Step 6: Do not respond to emails or phone requests asking you to provide personal information such as banking details, identity information, birthdates or otherwise. If you are unsure, verify the validity of the organisation in your own time or seek advice.

Step 7: Encourage staff to be vigilant and reward them when they find better ways to implement better security measures within your organisation.

"It is not necessary to do the extraordinary things to get extraordinary results" – Warren Buffett.

For a highly informative and practical step-by-step guide to gaining Security Peace of Mind, download The Essential Guide to Information Technology Security Best Practice.

 

Boaz Fischer is the CEO of CommsNet Group, a leading ICT health monitoring, performance and security organisation in Australia. He holds a Science degree from the Australian National University and a Master Certification in Neuro Linguistic Programming (NLP). Boaz has written a number of security articles for Security Solutions Magazine and authored the book "The Essential Guide To Information Technology Security Best Practice". For further related security articles, visit the CommsNet Group web site.

____________________________________

Boaz Fischer is a guest blogger of our "e-Security & Small Business" forum, which is part of the National e-Security Awareness Week, an annual initiative aiming to raise awareness about the importance of e-security among Australians.

To learn more, visit http://www.staysmartonline.gov.au/ today.

To find out about how to protect your business and your customers and stay safe when working from home, go to http://www.staysmartonline.gov.au/small-business-security, or sign up for the following free services:

__________________________________________


  1. StephenWilson

    June 9, 2009 at 1:16 am

    Security suffers from a different myth

    There's lots of good advice here; I couldn't fault any of it technically. There are a few additional pointers worth mentioning. Like pick passwords of at least 8 mixed characters … change your passwords regularly … look out for and double click on the SSL padlock icon whenever transacting online … install and configure a personal firewall … write a security policy …

    Ad infinitum. All good advice, but overwhelming, and what's worse, totally ineffective against organised crime and inside jobs (see my recent blog entry). 

    Boaz says there is "one big myth", namely that security tools can provide you with 100% protection. He's right — there is no such thing as a perfect tool.  But I worry about the opposite myth, unwittingly perpetuated by this well meaning blog: that security is all about process and behaviour.  The onus on the humble user to pick proper passwords, look out for SSL connections, patch their operating system and so on … has simply gone too far.  You can do all this, and more, and still have your identity stolen because an organised crime gang has bribed a database administrator to hand over a million records, or has spent months and months infiltrating a backend system and downloaded a hundred million credit card numbers. 

    Sorry, this is going to sound politically incorrect, but e-security should not be viewed as some sort of organisational continuous improvement program.  Sure we need to be vigilant and careful, and security specialists need to be improving all the time, but I don't think we need ordinary staff to be spending time trying to "find better ways to implement better security measures".  We don't treat banking or the power system like this do we?  If I heard that my bank was having to reward its staff for finding better ways to defeat robbers, I'd be worried! 

    So often we're barking up the wrong tree, meaning well, but ducking the hard questions of how to secure the digital economy infrastructure. For instance, the UK Information Commissioner's Office recently launched a new "Personal Information Promise" for British civil servants. Surely we can do better than this. If you walked into a bank branch and saw a poster proclaiming that staff had pledged to take care of your money — as if that were the centrepiece of their security system — you'd probably take your business elsewhere.

    The most damaging myth of all is that "security is not a technology issue" for this blinds policy makers to the truth that, as with all safety and security, e-security requires a blended approach, including enforceable minimum preventative measures, and yes, new technologies.  

    Stephen Wilson is Managing Director of the Lockstep Group.
    Lockstep Consulting provides independent advice and analysis on identity
    management, PKI and smartcards. Lockstep Technologies develops unique
    new smart technologies to address transaction privacy and web fraud.