What are the 5 security measures?

Guest Contribution by Sherryn de Vos

When tech executives hear the word security nowadays, the first thought that crosses their mind is likely of digital security because digital threats constantly emerge as technology continues to progress at the speed of light.

Generally, tech companies sell their products and services worldwide, so they have to meet national and international regulations related to handling data safely and reacting to various breaches and threats responsibly.

And today’s tech companies increasingly host all of their data and sensitive information in the cloud, so it makes perfect sense that physical security is getting more or less neglected in favor of its digital counterpart.

Make no mistake, though; physical security is as important as ever! Despite everything, the digital assets of tech companies are still vulnerable to on-site threats. In some instances, it may be easier for criminals to walk through your company’s front door and steal data directly from your company’s hardware than to hack it remotely.

Securing your tech organization’s assets doesn’t necessarily demand extreme or expensive measures. All it takes is a well-planned physical security strategy and employees prepared to prioritize various security protocols on an everyday basis.

Even the best antivirus software in the game won’t stop someone from breaking in or, even worse, someone with authorized access from misusing their authority. That’s why physical security mustn’t be neglected in modern-day tech companies. Without the appropriate protection measures and strategies in place, your business is left vulnerable to physical threats.

Here Are The Top 5 Physical Security Measures That Every Business Should Implement

  1. To secure your staff and company assets from the threats of outside intrusions, start by securing your premises from the outside in. While many factors play into the type of exterior security measures you may need, the assets you hold and the level of criminality in the area remain the top two factors that need to be considered when developing a robust physical security strategy.

    One of the best security measures that any tech company can implement to fight unwanted intrusions is to issue a company ID badge for all staff and visitors. This simple step, which can be set up in a day, ensures that anyone who wants access to company premises must show or swipe their ID badge for security purposes and cannot gain access to the facility without one.

    Your tech company should consider exterior fencing, license plate readers, emergency call boxes, outdoor lighting, signage, and security officers, among other security measures. Perhaps your business won’t require every one of these security measures, but you should most certainly take steps to secure your premises and perimeter from outside intruders.

  2. Surveillance is a strong deterrent against criminal activity on business properties of any kind, and the same goes for tech companies’ headquarters and offices. The best option here is to go with some form of closed-circuit television (CCTV).

    While regular cameras can provide evidence of criminal activity to catch the wrongdoers, CCTV can deter the intruders as well. Put clear signage in place, so individuals will know that they are on camera and not consider any wrongdoing while on your company’s property.

    Another surveillance option that pairs well with CCTV is round-the-clock surveillance from a professional security firm. If security officers are too expensive for your tech startup, discuss the potential to share a security patrol officer with other local businesses or companies that use the same premises, and spread the cost.

  3. Backing up all vital data is a critical element in disaster recovery, but never forget that the information on those backup discs and hard drives can also be stolen and used by someone employed in the company or an outsider.

    While many IT managers keep the business’s backups next to the server in the server room, be smarter and lock them up in a safe or a drawer where only a limited number of people can gain access.

    In addition, keep a set of backups off site and ensure they are appropriately secured in the offsite location. Beyond backups, train the staff to use the appropriate antivirus software while using the computer systems.

    If you allow your employees to back up their work on external hard drives and other devices, put company policies in place that require backups to be locked up at all times.

  4. Most tech companies divide up their operating space, and within the divisions of that working area, the sensitivity of data storage and access privileges differ. It’s imperative to understand where the most secure areas need to be and how they will be protected.

    Acknowledging the business value associated with confidential information is a logical way of assuring appropriate investment in security. Still, despite putting various physical barriers in place, sometimes it can be tough to confirm who is and who’s not entering the space in question. Here are a few ways to ensure access control within your company:

    • Implement and ensure supervision requirements.
    • Perform identity checks to make sure those accessing secure spaces are who they are expected to be.
    • Review the access log to keep a list of the people who have access, and evaluate the access list regularly.

  5. One of the fundamental things that you can do within your tech company to ensure physical security is to make your staff take security seriously. While employees should never be encouraged to check up on anyone, they can be a precious line of defense in terms of surveillance and general company security.

    Offer regular training sessions about the importance of proper security practice and educate them on the things they can do to help the company become more secure.

Final Thoughts

Through its primary purpose to protect the facilities and belongings of the company, physical security has immense importance to every serious business organization. Nowadays, tech companies focus exclusively on the technical and administrative aspects of security but forget that all the firewalls, intrusion detectors, and other security measures would be of little to no use if someone breaks into the organization and gains access to essential data.

***

Sherryn de Vos lives in the beautiful city of Cape Town. She worked with a startup brand that launched in South Africa called GoBeauty, where she assisted with content generation and conceptualized events focused on women’s health, entrepreneurship, careers, and tech to run alongside the brand. She has extensive experience in writing and uses a lot of her practical experience to create useful content in the business, finance, and marketing world.

Data security should be an important area of concern for every small-business owner. When you consider all the important data you store virtually -- from financial records, to customers' private information -- it's not hard to see why one breach could seriously damage your business.

According to the most recent Verizon Data Breach Investigations Report, an estimated "285 million records were compromised in 2008." And 74 percent of those incidents were from outside sources.

We consulted Roland Cloutier, Chief Security Officer for ADP and a board member for the National Cyber Security Alliance, and Matt Watchinski, Senior Director of the Vulnerability Research Team for cybersecurity provider Sourcefire, to find out the key security measures every small business should be taking.

1. Establish strong passwords
Implementing strong passwords is the easiest thing you can do to strengthen your security.

Cloutier shares his tip for crafting a hard-to-crack password: use a combination of capital and lower-case letters, numbers and symbols and make it 8 to 12 characters long.


According to Microsoft, you should definitely avoid using: any personal data (such as your birthdate), common words spelled backwards and sequences of characters or numbers, or those that are close together on the keyboard.

Use their convenient password checker to see how strong yours is.

As for how often you should change your password, Cloutier says that the industry standard is "every 90 days," but don't hesitate to do it more frequently if your data is highly sensitive.

Another key: make sure every individual has their own username and password for any login system, from desktops to your CMS. "Never just use one shared password," says Cloutier.

And finally, "Never write it down!" he adds.

2. Put up a strong firewall
In order to have a properly protected network, "firewalls are a must," Cloutier says.

A firewall protects your network by controlling internet traffic coming into and flowing out of your business. Firewalls are pretty standard across the board -- Cloutier recommends any of the major brands.

3. Install antivirus protection
Antivirus and anti-malware software are essentials in your arsenal of online security weapons, as well.

"They're the last line of defense" should an unwanted attack get through to your network, Cloutier explains.

4. Update your programs regularly
Making sure your computer is "properly patched and updated" is a necessary step towards being fully protected; there's little point in installing all this great software if you're not going to maintain it right.

"Your security applications are only as good as their most recent update," Watchinski explains. "While applications are not 100 percent fool-proof, it is important to regularly update these tools to help keep your users safe."

Frequently updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed.

5. Secure your laptops
Because of their portable nature, laptops are at a higher risk of being lost or stolen than average company desktops. It's important to take some extra steps to make certain your sensitive data is protected.

Cloutier mandates "absolutely: encrypt your laptop. It's the easiest thing to do."

Encryption software changes the way information looks on the hard drive so that, without the correct password, it can't be read.

Cloutier also stresses the importance of never, ever leaving your laptop in your car, where it's an easy target for thieves. If you must, lock it in your trunk.

6. Secure your mobile phones
Cloutier points out that smartphones hold so much data these days that you should consider them almost as valuable as company computers -- and they're much more easily lost or stolen. As such, securing them is another must.

The must-haves for mobile phones:

  • Encryption software
  • Password-protection (Cloutier also suggests enabling a specific "lock-out" period, wherein after a short amount of time not being used, the phone locks itself)
  • Remote wiping enabled

Remote wiping is "extremely effective," Cloutier says, recounting the story of one executive who lost his Blackberry in an airport, after he had been looking at the company's quarter financials. The exec called IT in a panic, and within 15 minutes they were able to completely wipe the phone.

7. Back up regularly
Scheduling regular backups to an external hard drive, or in the cloud, is a painless way to ensure that all your data is stored safely.

The general rule of thumb for backups: servers should have a complete backup weekly, and incremental backups every night; personal computers should also be backed up completely every week, but you can do incremental backups every few days if you like ("however long you could live without your data," Cloutier explains).

Getting your data compromised is a painful experience -- having it all backed up so you don't completely lose it will make it much less so.

8. Monitor diligently
"All this great technology […] is no good unless you actually use it. You have to have someone be accountable for it," says Cloutier.

One good monitoring tool Cloutier suggests is data-leakage prevention software, which is set up at key network touchpoints to look for specific information coming out of your internal network. It can be configured to look for credit card numbers, pieces of code, or any bits of information relevant to your business that would indicate a breach.

If you don't monitor things, warns Cloutier, "it's a waste of time and a waste of resources." And you won't know that you've been compromised until it's far too late.

9. Be careful with e-mail, IM and surfing the Web
It's not uncommon for an unsuspecting employee to click on a link or download an attachment that they believe is harmless -- only to discover they've been infected with a nasty virus, or worse.

"Links are the number one way that malware ends up on computers," says Cloutier. "Links are bad!"

As such, never click on a link in an e-mail or IM that you weren't expecting or whose origin you don't know.

You have to "be smart when surfing the Web," Watchinski warns. "[You] should take every 'warning box' that appears on [your] screen seriously and understand that every new piece of software comes with its own set of security vulnerabilities."

10. Educate your employees
Teaching your employees about safe online habits and proactive defense is crucial.

"Educating them about what they are doing and why it is dangerous is a more effective strategy than expecting your IT security staff to constantly react to end users' bad decisions," Watchinski says.

It's not easy: "One of the most difficult things to do is protect end users against themselves," he adds. But ultimately, prevention is the best approach to handling your data security.

Make sure your employees understand how important your company's data is, and all the measures they can take to protect it.