If there's one thing common to all businesses, it's paperwork, physical or virtual: sales records, receipts, company information, client information, etc. And in this information-hungry world, where data is a form of currency, all these pieces of information are at risk of being stolen.
How do we protect our files, physical or electronic, from falling into hands that have no right to them?
1. Secure physical files both in and out of the office. Keep confidential files in secure places. You may want to use safety boxes that can be opened only with several keys that are each held by a different person.
Install security cameras and alarm systems. Depending on the value of your files, you may also want to have a security guard, who has no easy access to the files but stays on post so when an alarm does sound, he will be there.
If you are disposing of documents, it is best to get micro cut shredders, which shred paper into 3,770 bits instead of the average confetti shredder, which only cuts paper to 300 squares.
If your important documents need to be transported outside the office, make sure the courier is escorted by people whose main job is to watch over the files. You don't want your courier's briefcase to be carried away by some stranger when your courier's attention temporarily wanders, as what happened with the "confidential" documents on the Franco-British unmanned aerial vehicle project, which were carried away by a stranger while the executive carrying them was deliberately distracted by another man harassing the executive's female colleague.
2. Secure your system network. Make sure your office computers are configured so it is impossible for anyone to save anything on individual computers' hard drives. Everything should be created, saved, and modified within the system network. This way, every document created, saved, and copied can be monitored, and it can be easily tracked who is accessing any file at any time. This ensures internal documents don't get copied to personal drives and transferred to the hands of competitors or other entities that may have adverse motives against your company.
A secure system network also controls access levels: Which files can be accessed by clients, customers, employees, supervisors, managers, administrators?
If you're doing business online, remember that many customers will not do business with a company that does not ensure data security and encryption, to ensure that personal and private details such as credit card numbers do not fall into the wrong hands.
Incidentally, remember the more people who have access to your network, the more vulnerable it becomes. The US Pentagon itself has not been spared from cyber-attacks - in 2011, it lost to theft around 24,000 files - and it blames its vulnerability on its dependence not only on its internal computers but also on those of its contractors, including its utilities providers.
3. Install good virus protection, firewalls, and back-up systems. Theft is not the only thing you need to guard against. There are also malicious attacks, which aim to do nothing but destroy your files or crash your system.
To prevent malware attacks, make sure your firewall and antivirus offer high levels of security, and they are updated and activated in every single computer used by your employees. Orient all company members on company policies against downloading potentially harmful files or visiting questionable sites, and make sure everyone knows the direct and indirect consequences if they are caught breaking company rules.
Make sure that, should any of these physical or virtual calamities happen, you have a reliable back-up and recovery system so your files are not irretrievably lost. Many companies are using the cloud to ensure whatever happens data will always be accessible from any location.
Posted by Mark Parker. Posted In : Guest Security Articles