Six core elements for a secure business

Six core elements for a secure business
5 minute read
image

Presented by ADT

Say “security” to
most business people and they’ll come back with something about anti-virus
software or internet firewalls. Sure, those are critical pieces of a solid
security system, but if you want to create a really effective security structure
for your business you need to step back and start with a fundamental review of
core concepts.

For instance, a recent report from
the U.S. Small Business Administration
notes that starting a new business may
require as much as $80,000 of startup funding to get off the ground. That’s a
considerable sum, and it represents financial investment, purchase of equipment,
hiring personnel, acquiring raw materials, software, telecommunications costs,
inventory, building a web site, designing a logo, and so on. Protecting this
complicated collection of assets requires more than a firewall.

The up-side is that building an
appropriate security plan can provide critical stability for your new business during
the always-challenging start-up process no matter what kind of business you’ve got
in mind.

Here are six places to start:

1. Begin With The Basics

Before you can figure out how
to best protect your business assets you need to decide what those assets are.
What are you actually protecting? Is it a database of customer
information—social security numbers, credit card information, home addresses?
Is it a room full of expensive chip-making machines? Is it a fleet of traveling
laptops or touchscreen tablets full of proprietary product specifications? Is
it boxes of industrial diamonds or bins of finished jewel-bearing widgets?

You also need to ask yourself
fundamental questions about the character of your company: Every time an
employee logs into the main server from a remote location or laptop, security
is potentially imperiled. How important is it to maintain a secure remote data
pipeline for your staffers? How important is it for you to log in remotely to keep an eye on sales and other business
activities?

Finally, how far do you want
to go? There are ways to maintain near-perfect security, but they come at a
price. Finding the balance between a comfortable and trusting work environment
and a perfectly secure protocol is an important part of your job as owner. You
don’t want your employees to feel they’re working in a police state. Or do you?

2. Write It Down

Now that you’ve thought out the details
of your security policy, it’s time to write it down. If it isn’t written down
it doesn’t exist.

Be specific. What kinds of background
checks will you require for new employees? Who’s responsible for tracking raw
materials coming in and finished products shipping out? Who will train new
hires in security protocols? How will you secure data on laptops and tablets
that travel between work and home? Who’s in charge of updating business
software and anti-virus utilities to make sure your employees are running the
latest versions? Do you need security cameras? How many? Where is security
video information stored, and for how long? How easy will it be for employees
to gain access to the premises on weekends?

When you think you’re done, go back and
compare your written policy with your original list of business assets. Does
the security policy protect those assets effectively? If not, rewrite the
rules, or lose them entirely.

One last point: If nobody reads the
security policy it won’t do you any good. Publish the written policy. Send it
out via email. Print it out and put a copy where anyone can read it. Require
employees to sign a document stating that they’ve received it and read it. If
you’re really serious you can even email short security quizzes to employees to
make sure they actually understand the policy—or play Security Jeopardy at your
next staff meeting.

Does
this sound obsessive? Think about that $80,000 of startup capital you’re
protecting.

3. Where It’s At

Focusing on your physical workplace
will help determine the most appropriate security and automation solutions.

For example, if you’re
starting a clothing store in a mall you’ll probably want to take precautions
against shoplifters—like security cameras, or a guard at the exit. A medical office might want to protect
sensitive patient information with multiple log-in safeties and a wall of
high-end locks and fingerprint readers to secure medications.

Think about lighting, fences,
security guards, and an alarm system. Give some thought to where to place your security
cameras to make sure you can identify individuals as they move though
high-security areas. A good key card system can make a record of comings and
goings, and you can set it up to alert you or your security staff if unauthorized
people enter the office during off-hours.

If your workplace includes
digital information storage it’s likely to come under attack as hackers and
malware grow more sophisticated. According to a recent report from the National
Cyber Security Alliance (as noted in PC
World
) one in five small businesses falls victim to
cybercrime each year. And some 60 percent of these firms go out of business
within six months of the attack.

Best-practice security
protocols for protecting digital data are not hard to find, but they need to be customized
for your business. Focus on using and changing passwords, maintaining
up-to-date virus protection, encrypting data, fully erasing old hard drives,
and physically securing laptops and tablets as needed.

4. Be Afraid. Be Very Afraid

Paranoia isn’t necessarily a
bad thing. Most data losses in small businesses happen when employees (bosses
too!) leave their laptops in the taxi. Or click on the “cool link” in
an email that seems to come from their best friend. Scammers, hackers, phishers
and other bad internet characters have gotten really good at tricking you into
clicking on the wrong thing—thereby releasing all manner of worms, viruses and
malware into your business network. Or stealing your data. Or both.

Any serious security system includes
training your employees to be very, very suspicious of every single email they
get. Unless you are really certain you know the source of an email, and why
it’s been sent to you, you should never, never
click on an attached executable or internet link. The same goes for browsing
the web on a company computer. One careless click can do tremendous damage.

As for losing laptops (and it
happens more often than you think) it’s not a bad idea to encrypt sensitive
information. And back it up! In general, every time you carry data (or
hardware) outside the office firewall you should be prepared for a worst-case
scenario. Paranoia isn’t necessarily a bad thing.

5.
Hire the Right People

Your employees can be your best
security enforcers—or your worst enemies. Hire carefully, check references, and
make sure they know the security policy before they start work. Explain to new
hires how theft and/or data loss can affect their personal financial
expectations. (Lost profits due to security issues mean fewer raises.)

Employees should be trained to spot
suspicious behavior. They need to know what the protocol is for reporting it, and
how the information will be used.

6. Make Sure It’s Working

Congratulations! You have devised the
world’s best security protocol—but is it working? You (or your designated
Security Czar) needs to remain constantly, permanently focused on that protocol’s
performance. Scan security videos, analyze threats, evaluate employee
observance of security rules, track customer complaints, update the policy as
needed.

It’s just as true now as it ever was: Eternal
vigilance is the price of liberty. And business security.