Risk & Business Magazine Miller Winter 2019 | Page 8
AVOIDING SECURITY BREACHES
YOUR CHECKLIST FOR AVOIDING IT SECURITY BREACHES
The most pressing information
technology security problem
facing Canadian entrepreneurs
is not computer hackers. The
majority of security breaches
actually come from a company’s own
employees.
They’re usually not doing it on purpose,
though: most breaches are accidents,
such as an employee mistakenly
emailing confidential client information
outside the company, a cashier leaving a
customer’s credit card information on a
publicly viewable computer, or a manager
inadvertently deleting important files.
DOWNLOADED BREACHES
One of the most common breaches:
accidentally downloading malware—those
nasty little computer viruses and Trojan
horses that can cause mayhem in your
computer network.
Four in five Canadian small and
medium-sized enterprises (SMEs) report experiencing
a security problem related to information
and communications technologies (ICT)
caused by an employee in the previous year,
according to industry research. But most
SMEs don’t do much about it until it’s too
late.
Many business owners pay lip service to tech
security, but they don’t invest money in it. As
a result, actions usually get postponed until
the day an essential computer crashes or
vital data gets wiped out in a malware attack.
And with the proliferation of mobile devices,
wireless computing, and remote workers,
the security challenge is growing bigger for
entrepreneurs.
EVALUATE YOUR TECHNOLOGY SECURITY
Ideally, you should regularly evaluate your IT
security as part of a larger review of all your
systems. The idea is to make sure your tech
gear and processes aren’t out of step with
your business strategy.
Here is an ICT security checklist SMEs can
follow as part of this review:
1. STRATEGY AND HUMAN RESOURCES POLICIES
Does your company have a clear ICT security policy that’s known to staff?
Do you have a policy on acceptable ICT use, password guidelines, and security practices?
Do you have confidentiality agreements for contractors and vendors?
Does your company have a privacy policy?
2. DATA BACKUP
For critical data (this is anything needed in day-to-day operations, including
customer information), do you centralize it on a server and back it up nightly to a
remote location?
For important data (anything important to the business but that doesn’t get updated
frequently), do you centralize it on a server and back it up semi-regularly off-site?
3. DESKTOP SECURITY
Do all computers have working anti-virus software?
Do you have a security policy for downloading and installing new software?
Do you have passwords with a minimum of eight alphanumeric characters that are
changed every 90 days?
Are all computers updated with the latest system updates and security patches?
4. INTERNET AND NETWORK SECURITY
Do you have a firewall and intrusion detection on all web connections?
Do you use a virtual private network for remote access?
Are all modem and wireless access connections known and secured?
5. PRIVACY AND SENSITIVE INFORMATION
Is customer financial information encrypted and accessible only to those who need it?
Are paper files kept in locked filing cabinets with controlled access?
6. AUDIT
Do you do a periodic audit (every six months at least) of your ICT security checklist?
Checklist and information from the Business Development Bank of Canada.
For more tools and information for small business and entrepreneurs, visit bdc.ca.