Lock The Gate
Gated communities present an interesting paradigm. In order for the concept to work, you must trust everybody living in your community. Not only that, you have to trust all of their family and friends (and their kids’ friends). You’re only as secure as the last person who entered.
Your business is very similar. At some point you hired people who weren’t friends or family. You trust those employees, and all their friends who send them email links to the latest YouTube drudgery. Antivirus and firewalls are great, but this is a different attack vector.
Who is accessing your data? Do they require the level of access they have? Do your employees work odd hours? What is the impact of a notebook “walking off”?
Security is usually addressed after a breach has occurred. Obviously, this is too late. The impact a single breach can have on your business can be devastating. Security doesn’t have to be expensive. Here are a few cost-effective (read: cheap) tips that can help:
1. Limit access to genuine needs. Few employees need access to a current client/prospect list, sales, aging or open invoice reports.
2. Enable logging in your business software. If a user changes an invoice or alters a bill, there should be an audit trail.
3. Perform periodic audits. Pick a random section of time and review who is accessing what. Not only does this provide a security audit, but it can also help in reviewing efficiency.
4. Get an email notification if a user attempts to access an unauthorized component. For example, a salesperson attempting to access HR or user administration.
5. Remove temptation. The user interface should only present what a user has access to. Some applications disable the menu item or button. I prefer to remove it completely.
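A small sketch of the five tips working together, added here as an example and not taken from any particular business application. The roles, component names, business hours and sample events are all constructed assumptions.

```python
from datetime import datetime, time

# Hypothetical role-to-component map (tip 1: access limited to genuine needs).
ROLE_ACCESS = {
    "sales": {"orders", "client_list"},
    "accounting": {"invoices", "aging_report", "client_list"},
    "hr_admin": {"hr", "user_admin"},
}
ALL_COMPONENTS = ["orders", "client_list", "invoices", "aging_report", "hr", "user_admin"]
OPEN, CLOSE = time(7, 0), time(19, 0)  # assumed normal business hours

audit_log = []  # tip 2: audit trail (a real system would use append-only storage)
alerts = []     # tip 4: messages a real deployment would email to an administrator

def visible_menu(role):
    """Tip 5: build the menu only from what the role may use; the rest is absent."""
    allowed = ROLE_ACCESS.get(role, set())
    return [c for c in ALL_COMPONENTS if c in allowed]

def access(user, role, component, when):
    """Check on every request (hiding a menu item is not enforcement), log it, alert on denial."""
    allowed = component in ROLE_ACCESS.get(role, set())
    audit_log.append({"time": when, "user": user, "role": role,
                      "component": component, "allowed": allowed})
    if not allowed:
        alerts.append(f"{when:%Y-%m-%d %H:%M} {user} ({role}) denied access to {component}")
    return allowed

def audit(start, end):
    """Tip 3: review one window of the log for denials and odd-hours access."""
    window = [e for e in audit_log if start <= e["time"] < end]
    denied = [e for e in window if not e["allowed"]]
    odd_hours = [e for e in window
                 if e["allowed"] and not (OPEN <= e["time"].time() < CLOSE)]
    return {"events": len(window), "denied": denied, "odd_hours": odd_hours}

def demo():
    """Replay three constructed events, then audit the two days that contain them."""
    access("alice", "sales", "orders", datetime(2024, 3, 4, 10, 15))
    access("alice", "sales", "hr", datetime(2024, 3, 4, 10, 20))            # unauthorized
    access("bob", "accounting", "client_list", datetime(2024, 3, 5, 2, 40))  # 02:40, odd hours
    return audit(datetime(2024, 3, 4), datetime(2024, 3, 6))

if __name__ == "__main__":
    report = demo()
    print("menu for sales:", visible_menu("sales"))
    print("alerts:", alerts)
    print("odd-hours access:", [(e["user"], e["component"]) for e in report["odd_hours"]])
```

The odd-hours list is a prompt for a conversation, not proof of wrongdoing: the access was permitted, it just happened at a time worth asking about.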
Whether you use these tips or implement your own mechanism, start being secure today. Thanks for tuning in, and lock the gate behind you…
Stephen Tuttle
DS Technologies, Inc