In today's technological world, information has to be delivered swiftly and efficiently. And although systems crashes, stolen computers and natural disasters may be unavoidable, plenty can be done to ensure the security of data.
First, if security is to work, the entire staff has to be committed to the security policy, from senior partner downwards. A clear IT security culture should be in place, with regular audits, an asset register listing all equipment and an awareness programme for personnel that will make them understand the importance of maintaining their system's security.
Be alert to employee theft and time wasted on the Internet. Have clear terms and conditions to define and control individuals' access rights, particularly after their departure. Change passwords regularly to avoid malicious employees impersonating others while destroying data, introducing viruses, committing fraud, and so on. Good security, with alert receptionists and guards, can stop smooth-talking intruders getting into your building, and worse still, your systems.
Some loss of information, as a result of physical disaster such as fire, flood, power failure, or worse, is inevitable, so it is worth having a disaster recovery plan and investing in spare equipment, safes, off-site storage, uninterruptible power supplies and insurance. Always remember to back up your information. Keep all computer equipment locked up in a secure building and out of sight of the public.
Your data may disappear along with employees, ex-employees, contractors and even through industrial espionage, so regularly change passwords, enforce access controls, carry out audits and, where necessary, use computers without disk drives, and of course, back up regularly.
The Internet is another potential problem. Relying on it for e-mail or marketing a firm on a Web site can expose it to a multitude of problems. Hackers can change a Web site, alter information, make illegal electronic transactions and send viruses. The solution is to encrypt all vital information, introduce access controls and install firewalls on your system. This will deter snoopers and spoofers from intercepting your data.
Through telephone cloning – when a mobile phone is hacked into and the owner is charged for the hacker's calls – and telephone phreaking – where the same is done on a company phone system – hackers can use your firm's telecoms and data systems at your expense.
But network system management ensures that there is defence in depth and that the hacker will set off alarms and be tracked.
Network failure can slow or stop your company, so use resilient systems, and develop plans to cope with failures.
Prevent PC or laptop theft with cages or padlocks and avoid viruses being introduced into your firm by checking every disc with anti-virus software. Stop snoopers on the PC with tight access controls and make sure that once employees have passwords, they do not leave them stuck to the top of their computers. Otherwise use secure tokens, such as smartcards, to replace passwords.
Old visitor or ghost accounts leave potential holes in your security. Ensure these are removed and the only accounts on your system are valid and current. With the ease of software distribution, it is easy to find yourself out of step with licence agreements, but regular audits and tight control of software will help you stay out of court.
