What would happen if there was a breach in your IT security?
IT security breaches come in many forms – physical damage, computer viruses, hackers or even mistakes by employees – any of which could disrupt the day-to-day running of your organisation. Worse than that, data could be permanently lost, or used by others seeking to gain from or damage your business.
The increased use of social media by organisations, and some personnel requiring access to the internet to complete their tasks, may also introduce substantial risks to company networks and data.
So what can a business do to prevent security breaches?
A secure, reliable and cost-effective environment is crucial. There are 3 main elements to good IT security:
- Spam filters that block 97% of junk email before it reaches your IT systems, and that manage inbound and outbound emails, can protect your organisation from mail threats and data leaks.
- Anti-virus software must be up-to-date, robust and effective to prevent criminals attacking your network through newly developed viruses, worms and Trojan horses.
- Firewalls should be used to prevent unauthorised access to or from a private network, particularly an intranet.
In addition, it is important to establish security procedures for staff to follow. Training staff on how to use your IT system and specifying what tasks must be referred to others, as well as implementing an email and internet policy to regulate internet use, will all help to reduce IT security risks.
What happens when things do go wrong?
Although firewalls, anti-virus and anti-spam software and staff training should all help keep your system secure, unfortunately they are still no guard against physical damage or theft, crashing hard drives, or employee error.
In the first instance, it is vital to have your data backed up. This at least allows it to be easily accessed and restored, and business to continue.
This involves copying data onto back-up tapes, USB drives or memory sticks, or onto a network drive on another device. Back-up programs can be installed, or the cloud can be used as an online back-up for data. It’s a good idea to regularly test restoring data from your back-ups.
For more serious problems, such as fire or flood damage, or cyber criminals stealing all your data, the only way to ensure your business can be back up and running quickly is to have a disaster recovery plan (DRP) in place.
A DRP needs to have a line item for every eventuality that can happen, plus a list of actions explaining how to deal with that particular problem. However, it doesn’t need to be a lengthy document – only one or two pages – so that it can be referenced quickly in a crisis.
In the first instance you need to identify what assets your IT system has. This includes physical ones such as laptops and mobile phones, software and servers, as well as less tangible but more valuable ones, such as specific data and intellectual property.
Do you know which employees use certain devices? If any use their own mobiles, laptops and tablets for work, this may introduce further risks to the business if they are stolen or lost, so they need to be included in the DRP. Do external devices bring virus risk into your business?
Who is your IT supplier? How quickly can you order new hardware and devices, recover your backed-up data, and activate any “remote wipe” or “remote kill” to prevent unauthorised people accessing the data?
If there is a server within the business, where is it located and who holds what information?
Once the DRP is written, it is useful to regularly test it by role playing – this will identify where any weaknesses in the plan lie, and any improvements that can be made.
With some surveys suggesting that a system failure, misuse or data loss may cost small businesses up to £7,500 a day, investing in IT security, back-up data and disaster recovery is vital.
If you would like to discuss maintenance of your IT system, please call Direct Voice & Data on 0800 84 999 84.