Guest Contribution by Sherryn de Vos When tech executives hear the word security nowadays, the first thought that crosses their mind is likely of digital security because digital threats constantly emerge as technology continues to progress with the speed of light. Generally, tech companies sell their products and services worldwide, so they have to meet national and international regulations related to handling data safely and reacting to various breaches and threats responsibly. And today’s tech companies progressively host all of their data and sensitive information in the cloud, so it makes perfect sense that physical security is getting more or less neglected in favor of its digital counterpart. Make no mistake, though; physical security is as important as ever! Despite everything, the digital assets of tech companies are still vulnerable to on-site threats. In some instances, it may be easier for criminals to walk through your company’s front door and thieve data directly off of your company’s hardware than to hack it remotely. Securing your tech organization’s assets doesn’t inevitably demand extreme nor expensive measures. All it takes is a well-planned physical security strategy and employees prepared to prioritize various security protocols on an everyday basis. Even the best antivirus software in the game won’t stop someone from breaking-in, or even worse, someone with authorized access to misuse their authority. That’s why physical security mustn’t be neglected in modern-day tech companies. Without the appropriate protection measures and strategies in place, your business is left vulnerable to physical threats. Here Are The Top 5 Physical Security Measures That Every Business Should Implement
( Also Read: Step-by-Step Guide to Create a Cloud Security Strategy ) Final ThoughtsThrough its primary purpose to protect the facilities and belongings of the company, physical security has immense importance to every severe business organization. Nowadays, tech companies exclusively focus on the technical and administrative aspects of security but forget that all the firewalls, intrusion detectors, and other physical security measures would come of little to no use if someone breaks in the organization and gains access to essential data. *** Sherryn de Vos is living in the beautiful city of Cape Town. She worked with a startup brand that launched in South Africa called GoBeauty where she was assisted with content generation, as well as conceptualized events focused on women’s health, entrepreneurship, careers, and tech to run alongside the brand. She has extensive experience in writing and uses a lot of her practical experience to create useful content in the business, finance, and marketing world.
Data security should be an important area of concern for every small-business owner. When you consider all the important data you store virtually -- from financial records, to customers' private information -- it's not hard to see why one breach could seriously damage your business. According to the most recent Verizon Data Breach Investigations Report [PDF], an estimated "285 million records were compromised in 2008." And 74 percent of those incidents were from outside sources. We consulted Roland Cloutier, Chief Security Officer for ADP and a board member for the National Cyber Security Alliance, and Matt Watchinski, Senior Director of the Vulnerability Research Team for cybersecurity provider Sourcefire, to find out the key security measures every small business should be taking. 1. Establish strong passwordsImplementing strong passwords is the easiest thing you can do to strengthen your security.Cloutier shares his tip for crafting a hard-to-crack password: use a combination of capital and lower-case letters, numbers and symbols and make it 8 to 12 characters long.
Use their convenient password checker to see how strong yours is. As for how often you should change your password, Cloutier says that the industry standard is "every 90 days," but don't hesitate to do it more frequently if your data is highly-sensitive.Another key: make sure every individual has their own username and password for any login system, from desktops to your CMS. "Never just use one shared password," says Cloutier.And finally, "Never write it down!" he adds. 2. Put up a strong firewall A firewall protects your network by controlling internet traffic coming into and flowing out of your business. They're pretty standard across the board -- Cloutier recommends any of the major brands. 3. Install antivirus protection "They're the last line of defense" should an unwanted attack get through to your network, Cloutier explains. 4. Update your programs regularly "Your security applications are only as good as their most recent update," Watchinski explains. "While applications are not 100 percent fool-proof, it is important to regularly update these tools to help keep your users safe." Frequently updating your programs keeps you up-to-date on any recent issues or holes that programmers have fixed. 5. Secure your laptops Cloutier mandates "absolutely: encrypt your laptop. It's the easiest thing to do." Encryption software changes the way information looks on the harddrive so that, without the correct password, it can't be read. Cloutier also stresses the importance of never, ever leaving your laptop in your car, where it's an easy target for thieves. If you must, lock it in your trunk. 6. Secure your mobile phones The must-haves for mobile phones:
Remote wiping is "extremely effective," Cloutier says, recounting the story of one executive who lost his Blackberry in an airport, after he had been looking at the company's quarter financials. The exec called IT in a panic, and within 15 minutes they were able to completely wipe the phone. 7. Backup regularly The general rule of thumb for backups: servers should have a complete backup weekly, and incremental backups every night; personal computers should also be backed up completely every week, but you can do incremental backups every few days if you like ("however long you could live without your data," Cloutier explains). Getting your data compromised is a painful experience -- having it all backed up so you don't completely lose it will make it much less so. 8. Monitor diligently One good monitoring tool Cloutier suggests is data-leakage prevention software, which is set up at key network touchpoints to look for specific information coming out of your internal network. It can be configured to look for credit card numbers, pieces of code, or any bits of information relevant to your business that would indicate a breach. If you don't monitor things, warns Cloutier, "it's a waste of time and a waste of resources." And you won't know that you've been compromised until it's far too late. 9. Be careful with e-mail, IM and surfing the Web "Links are the numbers one way that malware ends up on computers," says Cloutier. "Links are bad!" As such, never click on a link that you weren't expecting or you don't know the origination of in an e-mail or IM. You have to "be smart when surfing the Web," Watchinski warns. "[You] should take every "warning box" that appears on [your] screen seriously and understand that every new piece of software comes with its own set of security vulnerabilities." 10. Educate your employees "Educating them about what they are doing and why it is dangerous is a more effective strategy than expecting your IT security staff to constantly react to end users' bad decisions," Watchinski says. It's not easy: "One of the most difficult things to do is protect end users against themselves," he adds. But ultimately, prevention is the best approach to handling your data security. Make sure your employees understand how important your company's data is, and all the measures they can take to protect it. |