Businesses of all sizes and in all industries have become increasingly data-driven over the past few decades. Computerized inventories help guide purchasing decisions, analytics help determine which marketing strategies are providing the best return, and email allows customers and vendors to submit messages or files whether your office is open or closed. Rolodexes have been replaced by digital contact lists, printed catalogs have been steadily giving way to online stores, and electronic documents have led to the retirement of countless file cabinets. The computer age has dramatically altered the office and business environments, but have you ever considered the amount of data that you routinely collect and store? Some of the information residing in your computer system is extremely sensitive, and should it be exfiltrated, it could result in a financial loss as well as damage your reputation.
Many small-business owners think that assigning unique user credentials and locking the front door at the end of the day is enough to keep their computers secure. Even some large companies with internal IT departments believe that restricting certain functions to just those with system administrator privileges, deleting credentials when employees terminate, and holding annual meetings to remind employees of basic cybersecurity precautions is sufficient. Time after time, small businesses and major corporations have faced the unpleasant consequences of discovering that their security measures fell short. Consider the following scenarios to see if either of these could happen to you.
- You own a small business with an office staff of 10. Because all of your employees occasionally substitute for colleagues who are on vacation or taking a day off, every employee can access every function, including payroll, accounting, inventory, banking and customer service. One employee has difficulty remembering her credentials, so she keeps a sticky note attached to her monitor on which she has written her username and password. On Friday night, you close for the weekend. When you return Monday morning, you find that burglars have taken all of your computer equipment. Although an experienced hacker could have managed to get into your system, since an employee’s credentials went with her monitor, the thieves did not need to expend any extra effort. They have now had over 48 hours to send emails in your name, download customer’s credit card numbers, steal the Social Security numbers of your employees, access your bank accounts, and commit whatever malicious, fraudulent or mischievous acts they want. Can you visualize the many ways that your business could be affected?
- You manage a large company that has just posted huge losses for the second consecutive year. One of your cost-cutting measures is to reduce your staffing, so you terminate several outside salespeople. Your human resources department promptly notifies IT, and the IT manager deletes the credentials for the terminated employees. However, no one realizes that several of the terminated employees have apps on their personal laptops and phones that allow them to access vendor accounts. They may even have downloaded a mirror image of your customer files. If one of your terminated employees is particularly vengeful and finds employment with a competitor, do you think he or she might leverage that access to curry favor with a new employer or strike a blow aimed at your company?
In an ideal world, you would never have to worry about either of these situations — or dozens of other scenarios — arising. However, the world is not perfect, and neither are the people who live in it. Even people who would never deliberately do anything to harm your company can make mistakes that can have serious consequences for your business.
Despite the risks that too little security can pose, it is also true that too much security can be almost as risky. Productive employees help improve your company’s profitability, so reducing their productivity is not the answer. Furthermore, it is a well-known fact that your employees will find workarounds if your security measures are so onerous that it makes completing a task more time-consuming or difficult. In many cases, their well-meaning attempts pose security risks that you or your IT department may not suspect. Fortunately, you can secure your computer system without significantly impacting your employees.
- Take stock of what information exists in your computer system, how you receive it, where it is stored, and who has access to it.
- Determine who actually needs access to certain types of information, then set permissions accordingly.
- Have new hires sign confidentiality and non-disclosure agreements. Any vendor or contractor who will have access to your digital or physical files should also sign one.
- Lock backups in a secure location. Many companies rent a safe deposit box for this purpose.
- Contact an experienced, well-qualified vendor to help you configure your computer network for security, ease-of-use and convenience.
Whether you have a single computer, a large mainframe or a small network, Low Volt can help. We can set up a secure LAN, provide access controls for your building, install a surveillance system, and help you with many other technological issues. Use our contact form or call 702-458-2121 for a free consultation.