Step 4: Tighten in-house security

Technology and the Internet ushered in a whole new set of security risks for businesses. But they didn't make the old ones go away! Securing your physical environment and enforcing policies that protect your business information and assets remain critical. A casual break-in can potentially cause more damage than an unknown intruder who attacks via the Internet.


Why Your Business is at Risk

With so much privileged business information stored on computers -- from customer credit card numbers to inventory balances to payroll records -- ensuring the physical security of your computers is a key step in securing the information stored on them.

Consider just a few scenarios:

Your salesman leaves his laptop on a plane -- everything on it, including details of your hush-hush new product line, is at risk of exposure.

Your partner's kid comes in after hours and plays computer games on the server -- all of the files on that server are at risk.

A burglar ransacks your office and hauls off a couple of computers. He may not want the financial records he discovers -- but he probably knows someone who will.

You can't predict how your computing environment will be threatened. But you can be prepared.


Basic Steps You Can Take

Here are a dozen common-sense practices that will help ensure the physical security of your business information and assets:

1. Establish a security perimeter around sensitive areas. Walls, self-shutting doors, lockable doors, alarms and security curtains are options.

2. Staff all access points from the outside and insist all visitors are identified and logged in and out.

3. Restrict access to sensitive areas such as server rooms or employee records.

4. Consider risks such as fire and flooding when locating a server room or other sensitive area. Install fire extinguishers.

5. Lock doors and windows when not in use.

6. Test alarms regularly.

7. Initiate a "clear desk" policy so employees secure sensitive or valuable materials when they're not working on them.

8. Mark computers and major components with identifying information, including your company name, location of computer and user.

9. Log serial numbers of computers and components so they can be identified and recovered if stolen.

10. Protect unattended fax machines and servers.

11. Encourage staff to pick up documents immediately from fax machines and copiers. Set up secure printers for confidential information. Invest in a shredder.

12. Institute a policy covering what equipment staff can take off-site; create a sign-out process for valuable items.

