1. Access
Ensuring the security of your data is the backbone of the entire security process. Many times what organizations find when they go looking is that their sensitive information is not protected. For example, many companies assign their payroll and financial tasks to a handful of people in the office. If they are saving that information locally on their machine it is easier for others internally and externally to access it. Private data should be saved in a directory on a secure server with permissions granted to only a few individuals. Improper internal practices are one of the greatest threats to information loss and improper exposure.
2. Planning
What would you do if your office building burned down? If your network was hacked, what steps would you take to re-secure your environment? If your server died, what would it take for you to be back up and running? More importantly, though, would your data be lost forever? If your business is not backing up to the cloud, an offsite location, or using multiple external hard drives you run the risk of losing everything. No one likes to think about disaster scenarios, but if your business were to encounter one, having a plan in place could make the difference in getting you back up and running.
3. Practice
Walk through real situations and see the impact technology has on your business. What do you do when you hire a new employee? Who determines what access they have? When a new computer is purchased, what do you do to make sure it is secure? If someone was out of the office for an extended time and their duties needed to be shared by others, would those helping have access to complete their additional tasks? Putting your business through these types of tests will provide an insight into areas for improvement.
