Are you confident that your business data is secure and your systems are not at risk?
If you think about it technology covers virtually every area of your business and personal life, some more than others, but technology is there.
Whatever business you are in, you will undoubtedly rely on technology to some degree. Whether you use a laptop to generate your customer invoices, or you have a vast network of computers that are all connected to multiple servers hosting a variety of applications that your day to day business processes rely on.
Hwever much or however little equipment your business has, it will no doubt connect to the internet whilst it is being used as well.
With a background in IT Security in a high security environment I am always on the lookout for vulnerabilities and risks when I am looking at computer systems.
Many people may feel that analysing the technical risks is not applicable to their business, afterall, who would want to hack into your systems, use your customer list, or take copies of the documentation of your business processes?
It is important to remember that businesses are targeted at all levels.
Small businesses used not to be a target, but according to this PWC survey in 2013 small businesses are reporting an increase in attacks, with 63% of small businesses reporting an attach by an unauthorised outsider in the year preceeding the survey. Whilst this security report by infosec puts the figure at 80%.
Small and midsized businesses face many of the same information security risks that large enterprises face.
Reviewing the technical risks does far more than just look at threats from the outside and preventing unauthorised access.
What about disaster recovery?
Technical equipment has a limited lifetime and equipment fails. We see this on a daily basis at TeamK and we carry out many repairs each day.
If all of your company information and records was stored on a USB external hard drive and that hard drive decided to die one day, consider how much that would affect your business.
My experience suggests that few companies have got this right. Even if there are key people in the company that are aware of the risks, often there is a strong inertia for not changing anything to improve the situation for fear of not getting it right. Small improvements and managment of the risks over time are they key here.
The most worrying trend is that companies assume that if they have used the services of an IT professional then their systems are safe and secure. This is not always the case. There are many different areas in IT and someone who is competent in building a computer system from scratch will not necessarily understand all the options and pitfalls related to IT system security.
I have come across some shocking examples recently, where companies had not realised that they were running unlicensed software, or another one believed that they had a server that kept all their data safe and secure, when in fact it was just a large USB disk connected to their network. Failure of that one hard drive would potentially render all of their data inaccessible.
It is important to develop and maintain a written backup and recovery plan, it is also a good idea to test the ability to perform a successful restore a couple of times a year.
Mobile Device Security
If your business uses mobile devices, such as laptops and data is stored on them, then these need to be given extra consideration. What would happen if these devices were lost or stolen? Are they, or do they require encryption? Did you know that your business could be fined if a laptop was lost or stolen if it contained customer data?
The key to managing technology is not to avoid risks, but to understand them.
Contact us today if your business would like to reduce your technical risks.