Is your business prepared for disaster? Part 3

Posted on October 5, 2009

By Lee Hart

With two months of hurricane season behind us, we have our business continuity plans in place and are well prepared for disaster, right? If that is not a true statement for your business, take note. All of this talk about disaster preparedness is for a purpose. As we have highlighted throughout this series, failure to plan for disaster is a plan to fail. Disaster preparedness is not a notion that applies only to those in high-risk geographies; it is prudence, and a recognition that no one is immune.

In June we gave an overview of four simple things to consider in your IT picture to help your business be better prepared for disaster. Last month, we drilled down a bit to talk about how you can safeguard your data with simple backup devices. This month, in our continuing series on "Is your business prepared for disaster?", we explore data security.

As we noted in June, most of us believe we hire professionals whom we trust and who will always act in the best interest of the company. Unfortunately, when things do go wrong, that trust alone can leave your important company information at risk. Ask yourself: how much is your client or product information worth to your competitors? If the thought of a data compromise like that makes you cringe, you are not alone. The simple way to safeguard your business is with proper controls over who can reach your information.

In fact, we live in a world of controls. In 1996 Congress enacted the Health Insurance Portability and Accountability Act, which established standards for healthcare providers and the medical industry to share information in a standard electronic format. More important, though, was the impact this had on securing private information about you and your family. Commonly called HIPAA, this act was a significant step toward establishing information controls and accountability in an industry embattled with fraud. Subsequent to this came the Sarbanes-Oxley Act of 2002. Because of finance and accounting fraud at several large companies, there came the need to extend controls to ALL information that feeds into the formulation of financial reports. What followed was considerable reform and significant penalties for companies that did NOT have proper controls in place to protect the data that forms an input to these reports.

OK, so how do we boil all of this down to something meaningful for a small or medium business owner? Are you ready? Here we go: BE CAREFUL WITH THE ACCESS YOU PROVIDE TO YOUR DATA. Not only are there legal requirements nowadays protecting privacy and data integrity for financial reporting (along with very stiff penalties), but exercising a little common sense here goes a long way. Some simple ways to protect data, used alone or in combination, include the following:

1) Proper backup and recovery routines.

· Paramount to data security is the recoverability of lost data. You MUST have a backup and recovery plan, and you must exercise the recovery half of it: a backup you have never restored is an assumption, not a safeguard.

2) Adopt a Principle of Least Access (often called least privilege), and clearly define administrative and management roles.

· Provide only enough access to information to fulfill a role or responsibility, and deny everything else by default. Don't simply provide access to all information company-wide.

3) Safeguard non-employee access into your business.

· This includes both remote access and on-site access granted to vendors and contractors. Grant it only for the systems the engagement needs and only for the duration of the engagement, and be sure network controls and/or devices are in place to mitigate this highly visible risk.

4) Protect ALL physical access to your network.

· Basic security keeps those who belong where they belong, but those with other intentions look for avenues to exploit. Develop a well-defined network perimeter with monitoring practices that alert you to suspicious activity.

5) Hire a qualified IT consultant to help develop proper security controls.

· A good consultant can help provide simple plans that address physical access and proper data controls, so that you actually follow the principle of least access rather than just intending to.
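Items 2 and 3 above are easy to state and easy to get wrong in practice. The following is an added example, not code from the original article or any product it mentions, showing what "least access" and "time-bounded contractor access" look like when written down as an actual rule: permissions are granted per role, anything not granted is denied, non-employees must carry an expiry date, and every decision is logged so the denied attempts can be reviewed. The roles, resources, user names and dates are constructed for illustration.

```python
"""Deny-by-default, role-based access check with time-bounded contractor access.

Added example for the article's "least access" and "non-employee access" points;
the roles, resources and sample users below are constructed, not taken from any
real system.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Each role lists exactly the (resource, action) pairs it needs.
# Anything not listed here is denied, so there is no "all access" role by accident.
ROLE_PERMISSIONS: dict = {
    "owner": {("clients", "read"), ("clients", "write"),
              ("products", "read"), ("products", "write"),
              ("financials", "read"), ("financials", "write"),
              ("backups", "restore")},
    "sales": {("clients", "read"), ("clients", "write"), ("products", "read")},
    "bookkeeper": {("financials", "read"), ("financials", "write")},
    # A contractor role is scoped to what the engagement needs, nothing more.
    "contractor": {("products", "read")},
}


@dataclass
class User:
    name: str
    role: str
    employee: bool = True
    access_expires: Optional[date] = None  # mandatory for non-employees


@dataclass
class AuditLog:
    """Every access decision, allowed or denied, with the reason."""
    entries: List[Tuple[str, str, str, bool, str]] = field(default_factory=list)

    def record(self, user: User, resource: str, action: str,
               allowed: bool, reason: str) -> None:
        self.entries.append((user.name, resource, action, allowed, reason))


def check_access(user: User, resource: str, action: str,
                 today: date, log: AuditLog) -> bool:
    """Allow only if the role explicitly grants (resource, action) and, for a
    non-employee, the grant has an expiry date that has not passed."""
    if not user.employee:
        if user.access_expires is None:
            log.record(user, resource, action, False, "non-employee without expiry")
            return False
        if today > user.access_expires:
            log.record(user, resource, action, False, "non-employee access expired")
            return False
    granted: Set[Permission] = ROLE_PERMISSIONS.get(user.role, set())
    allowed = (resource, action) in granted
    log.record(user, resource, action, allowed,
               "role grant" if allowed else "no grant for role")
    return allowed


def denied_attempts(log: AuditLog) -> List[Tuple[str, str, str, bool, str]]:
    """The entries worth reviewing: every denied request."""
    return [e for e in log.entries if not e[3]]


if __name__ == "__main__":
    log = AuditLog()
    today = date(2009, 10, 5)
    vendor = User("vendor_tech", "contractor", employee=False,
                  access_expires=date(2009, 10, 31))
    check_access(User("alice", "owner"), "financials", "write", today, log)
    check_access(User("bob", "sales"), "financials", "read", today, log)
    check_access(vendor, "products", "read", today, log)
    check_access(vendor, "clients", "read", today, log)
    for entry in log.entries:
        print(entry)
```

The point of the log is item 4's monitoring: a contractor account repeatedly trying to read `clients` after being scoped to `products` is exactly the kind of suspicious activity you want surfaced, and a deny-by-default table makes that attempt show up instead of quietly succeeding.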

Securing data is a key component of protecting your business from disaster. As we have seen throughout this series, disasters do not have to be weather-related to be harmful. Sensible data security practices help keep your company information protected and your business in compliance.