Some rules to help keep your business secure
The basic principles of English grammar that students learn today are very similar to the ones you and I learned in school. For instance, nouns are the words we use for a person, place, thing or idea.
Conversely, the rules of business security are changing daily. Every business faces threats we couldn’t have anticipated a few years ago. What kind of business should worry about security? Yours. Every week, we see small to midsize businesses receiving notices of security audits or being compromised because they did not have the right security in place.
Most business transactions include data that should be secure. If you handle credit card, bank account, Social Security numbers or health care data, you need sophisticated, secure systems and procedures every employee understands and uses. Many retailers, attorneys, financial firms, accountants, and other service providers must button up.
Business security may seem daunting, but there’s a set of rules, or a grammar, you can follow to make it easier. That’s where the people, places, things, and ideas of security can work for any business:
Rule #1: People
Protect your business from people—from the intentional, criminal incidents, and the well-meaning, unintentional actions that can leave you vulnerable. Many employees don’t understand the liability impact of unwittingly shirking security procedures.
- Do you conduct background, drug and social media checks?
- Do you have comprehensive employment agreements that cover confidentiality and security procedures?
- Do you regularly inform your team how to stay secure?
- Do you have nondisclosure agreements?
- Do you have business associate agreements (BAAs) covering security procedures and reporting requirements for suspected breaches?
Rule #2: Places
Your information is only as secure as the weakest link in the chain. What exposure do you have when a company laptop transmits data over free wireless at the coffee shop? Do you use encryption to send or receive emails and files with sensitive data? Do your employees and vendors have appropriate security protocols in place?
To protect data from prying eyes, encrypt data when it’s in motion, including data sent to cloud backup solutions, and use secure third-party services for document sharing.
Reconsider permissions and authentication procedures. Review who has access to data they do not need. Make sure that all access is protected, with a strong password at the least, and ideally with multifactor authentication. Or consider biometrics, ranging from the thumbprint protecting your iPhone to Mastercard’s testing of facial recognition, and even retina scans (not just in the movies!).
For your protection:
- Do you monitor access to your digital systems to spot data breaches?
- Do you check logs regularly for unusual activity and failed login attempts?
- Do you have a security plan, with details on data retention, issue escalation, client notification in case of a breach, and remediation?
Rule #3: Things
Where are the things that store your business data? In a car, an airplane, or a remote worker’s home? What happens if these things are lost, stolen or in the hands of a disgruntled employee? Company business should be conducted on assets you own. If you have a bring-your-own-device policy, install mobile device management software to partition company data from personal data.
Consider encryption when data is at rest: on your servers, computers and laptops, and on portable media like external storage devices.
Robust firewalls with up-to-date security patches help keep out unwanted intruders. If you use a hosting facility, or a shared server environment, talk to your host about how your data, and your business operations, are protected when another company on your shared server is compromised.
Rule #4: Ideas
Security procedures only work if you are disciplined about using them. Document procedures, create checklists and train your team. I know you roll your eyes at the thought—but remember that pilots and doctors use checklists for things they already know they should do, too. Checklists save lives, and they can protect your business.
Even the best-laid plans and technology maintenance may not protect us from the many things outside the control of the business. Consider buying cyber insurance as well.
We’ve just looked at the overall framework of business security grammar here. Make sure you understand how these apply to your business—knowing and following security “grammar” rules will make your business safer every day.