Policies can help prevent tech disasters
11/1/2006 (Kelley Indianapolis)
In the information age, a disaster doesn't have to involve a fire, tornado or other natural disaster. In our knowledge-based economy-where businesses of every stripe are dependent to some degree on technology-the most serious crises may involve our most precious resource: information. It's one of a business owner's worst nightmares: a serious breach of computer security. Important files corrupted or lost. Sensitive customer information exposed to a hacker. Networks down, employees idle.
While information technology has vastly improved productivity and efficiency in the business world, it also has created new issues and potential crises. While larger corporations have the resources to address such concerns in a comprehensive way, smaller companies often take a more ad hoc approach to information security issues-or worse, no approach at all.
Small-business owners should take the time-and spend the money, when necessary-to protect their companies from common information-security threats. The investment is well worth it when you consider the potential consequences in lost productivity, lost customers and legal liability.
Some of the more basic areas that should be explored include:
Acceptable-use policy: Today, employees view personal Web surfing and e-mail just like making a local call over company phone lines. As a result, the potential for abuse is significant. A clearly understood use policy helps set expectations and curb inappropriate personal use.
Anti-virus policy: Similarly, common-sense guidelines on avoiding viruses (not opening e-mail attachments before scanning, avoiding e-mails from unfamiliar addresses, etc.) can go a long way toward defusing this threat.
Information sensitivity policy:
Employees also must be informed of issues like what kind of information should and shouldn't be communicated via e-mail, how client confidentiality agreements pertain to e-communications and how sensitive information should be stored on the company's electronic networks.
Password protection policy:
Employees should be required to change their network passwords periodically (every 90 days has become a typical practice), using random combinations of letters, numbers and symbols to foil wouldbe hackers.
Wireless communication policy:
Finally, wireless network access has provided employees even greater freedom to work outside of their offices and from the road. But special security concerns exist, especially for employees connected to your company's internal network on an unsecured mobile device. Employees should be trained on how to use wireless security programs.
These are just a few of the many information security concerns that must be addressed as part of a comprehensive approach. Other issues, including extranet and firewall protections, remote access policies, server security, etc., should be explored and discussed with the company's IT consultants.
In any case, small companies shouldn't neglect their information security needs. Just like a security system can protect your physical assets, sound policies and informed employees can help protect your critical information.
In today's world, such an approach isn't just a wise precaution-it's an essential business practice.
