How To Keep Your Business IT System Secure–Part I

Over the past several months we have published a number of articles dealing with cyber warfare and related Internet phishing/hacking attacks. In those pieces we reminded small- and medium-business owners that they are not immune from cyber attacks even though many consider themselves safe due to their size. We have also examined the fact that your very own website could be under attack and you might not even be aware of it! We also gave you some tips on how to ensure that many of the most basic tenets of IT procedures are followed.

The question of network security is becoming more and more of an issue in the M&A industry. Buyers interested in acquiring your company will closely examine your IT security and procedures during due diligence. Because of this, it is far better to prepare your network for this scrutiny now rather than after due diligence has begun.

To help you, I thought I would share some ideas that Reuters and recently published on the topic of keeping IT systems secure from attacks. Interestingly, the past five years have given us an explosion in new technological devices that are designed to help us increase productivity. On the downside though, these tools also present a corollary explosion in security issues and concerns. Here are some tips to help protect you:

Password Protect Your Systems

As we have mentioned, this simple step can be the most effective tool in protecting your company from attacks. Unfortunately, with too many middle-market companies, password policy is either nonexistent or it is under-enforced. According to

“Access to all equipment, wireless networks and sensitive data should be guarded with unique user names and passwords keyed to specific individuals. The strongest passwords contain numbers, letters and symbols, and aren’t based on commonplace words, standard dictionary terms or easy-to-guess dates such as birthdays.”

Given how much emphasis is placed on this, it is vital to enforce the use and frequent changing of passwords employees use on all of their devices. Do not become complacent, assuming that your size will insulate you from being vulnerable to these attacks. All it takes is one angry ex-employee to seriously disrupt your operations.

Design Systems that are Safe From Abuse

The best way to do this is to limit access to equipment, systems, and software to ONLY those employees that need them. For example, placing your accounting system on the company’s main server for everyone to see is a recipe for disaster. Limit access to the few people that need it.

Don’t let the idea of convenience lull you into a false sense of security when it comes to who should have access to your programs. In reality, the number of people that should have access to all of your systems and software programs is limited to you and your most trusted employees.

Conduct Pre-Employment Screening and Background Checks

Again, this step seems like a no-brainer, but all too often we see middle-market companies that have no formalized pre-employment background check program in place. This is another area that buyers will closely examine during due diligence. They will want to see HR procedures that are documented and followed, especially when it comes to screening new employees.

As put it, “While rogue hackers get most of the press, the majority of unauthorized intrusions occur from inside network firewalls” (emphasis added). Be sure to pre-screen all applicants for employment and then after hiring them, don’t give them access to all the corporate secrets. Many companies provide limited access to information during the employee’s probationary period just to ensure that the person can be trusted with greater access later.

Continually Train Your Employees

It is amazing how many networks are hacked or crashed simply because employees forget to follow procedures that are already documented. Unfortunately, with human nature being what it is, if you become complacent and think that procedures will be followed, chances are they won’t be.

One of the most common mistakes that employees make is writing down their passwords on yellow Post-it notes and attaching these notes to their computers. Although this is convenient, it constitutes one of the most common security breaches. Think about how many people can gain access to your systems simply by walking by a person’s cubicle with Post-it notes attached all over their computer terminals. By continually reinforcing your company’s IT procedures, you can ensure that your employees do not become careless.

Coming Up

Tomorrow we give you the remaining five tips to keep your business’ IT system secure.

© 2011 Generational Equity, LLC All Rights Reserved

About Carl Doerksen

Carl Doerksen is the Director of Corporate Development at Generational Equity.
