With all of the security threats out there in our digital world, it is a never ending challenge to provide adequate security to your data and internal network. The question we are often asked by our customers is “Are we doing enough?” There is always more you can do. There is no silver bullet to secure your data and network. Security is best accomplished through a layered approach. The number of layers and comprehensiveness of each layer are a matter of degrees and should be discussed on a recurring basis.
There are certain basic security protocols that every business should have, such as a business-class firewall device, spam filtering, and – of course – business-class anti-virus. Most importantly would be a policy of having strong passwords on the network and devices. Even the most secure device is easily hacked with weak passwords. What should your password policy be? Where that line is drawn is a decision your business needs to make for itself. For example, a twenty (20) character password is more secure than a six (6) character password. Which is appropriate? The answer may depend on what kind of data you are trying to protect. Are we protecting a customer list, or are we protecting customer social security numbers? Not all data are equal. A twenty character password would obviously detract from usability of the system, so if it is a password that needs to be typed regularly, chances are your users will not be pleased with your choice and productivity can even suffer in extreme cases.
There is an adage that the only truly secure computer is one that is turned off. While the adage is certainly true, that policy would not leave you with a very functional system to say the least. There is a balance between usability and security. The goal should be to bring the highest level of security you can along with the maximum amount of usability possible. Those two goals are not in alignment in most cases, so the options must be weighed against BOTH criteria before a decision is made.
In most instances, there are many things that businesses should be doing beyond the basics we described above. Education on security is important. Regardless of the topic, good decision making comes from an educated mind. Security is no different. Employees that understand the importance of data security will make better decisions than those that do not.
Restricting opportunities for threats to enter the business should be looked at both physically and digitally. Door locks and physical security for your office and computer room are obvious needs, and digitally limiting where you users can go on the Internet is appropriate for most businesses. Many businesses will choose to allow their employees to go anywhere on the Internet they please as a matter of employee satisfaction. That is a choice a business can make, but there are consequences to decisions. There is no need for employees to see a majority of what resides on the Internet. There are endless sites that can bring malware into your network and the risk needs to be balanced against the reward of employee satisfaction. Management needs to be educated on the risks associated with those types of policies and the possible effects of those decisions so that informed decisions can be made.
The topic regarding data and network security are nearly endless. Unfortunately, the answer to the question “Are we doing enough?” is often “no.” There is always more to do. Security threats are not shrinking in number and becoming less impactful. The facts are quite the contrary. Data and network security will be an increasingly important factor for businesses to plan for in the future, as unfortunate as that is. In preparation, educate yourself to the risks and remember that there is a balance between security and usability.
We understand the task ahead can be daunting. Let our experts guide you through the process of finding that balance that fits your business. Call us at (888) 600-4560 or at info@coldencompany.com. Don’t forget to “like” us on Facebook as well or send us a tweet @coldenco.