BD&F Information Security

The systems that process data for businesses need to be protected before we go on to defend the data that is held within these systems.

Your wallet is a good example of a place you keep items of varying values. Even when it is empty your wallet is an item you will secure for its cost, convenience and perhaps sentimental value.

A business’s information system is similar to a wallet in that it holds valuable contents and even if empty it still has value for its use as a business tool. The first level of security for the information systems can be placing the machines in controlled areas.

If your information system runs on a single computer you should limit physical access to that machine. It should be secured against theft and accidental damage from other users of the office space such as visitors or family. A business with a server system should use a locked server cabinet or a separate room. The individual machines would still need to be protected.

The machine’s location should help protect it in times of natural disasters and fires. It should be protected from extremes of temperature and kept in a dry location. A UPS power backup allows the system to keep running after a power supply failure and gives the business control of the shut down process if needed.

Many businesses start as table top enterprises, being part of the home furniture until a separate area for working can be afforded. During those early days the machines holding the business’ information are most likely shared among family members.

The business should use a separate password protected account on the computer. When the owner logs onto that account all work done will be regarding the business. Log off the account when the work is done and the computer can be used by others without fear of losing valuable business information.

The account should be locked whenever the machine is left unattended for a length of time. The screen saver can be set to automatically lock access to the account or it can be done via the keyboard or a desktop icon.

Laptops and PDAs are also common among SMEs and care should be taken to limit access to authorised users only. If all your business data is held on a laptop it should be kept close and high risk areas should be avoided. Newer laptops have the ability to encrypt the entire drive.

If your data is lost your business would face a tough challenge getting up to speed again. Your information should be regularly backed up on an external storage drive which is kept separately from the main machine.

Photo by shareski