Monitor Activity
“Monitor user’s activity [all the time],” says Kelleher. For a single administrator, monitoring event logs and carrying out regular audits is a massive undertaking. A more realistic approach is to check the logs within the storage environment, rather than the entire network. “Logs have proven to be a source of great value if a security breach occurs and an investigation ensues,” says Kelleher. “This step allows you to better understand your firm’s use of resources, and helps you manage it more effectively.”
Control Access
This one is pretty straightforward. “Access to data should be given only to those who need it,” says Kelleher, “even if the person trying to get to it happens to be your cousin or the boss’s son.”
Safeguard Information
The use of uncontrolled portable storage devices, such as flash drives and DVDs, puts considerable volumes of data at risk and should not be allowed in an unrestricted environment. “These devices are easy to lose and they can be stolen quite easily if left lying around,” says Kelleher. “In many cases, the data that is on portable storage devices is often not protected using encryption.”
Develop IT Policies
Kelleher advises all companies to implement stringent security policies with regard to how data is accessed, handled and transferred, knowing that technology alone will not protect a company’s data. “Strong and enforceable policies, along with employee and management’s awareness of possible breaches, will go a long way towards improving the level of security within an organization,” he says.
Employee Education
Last but certainly not least, workers shouldn’t leave their passwords written on sticky notes and pasted onto their monitors, nor should they divulge information to third parties without authenticating the request first. “The people using and creating the data are the greatest threat and weakest security link,” says Kelleher. “Security is more than just protecting data or placing it under lock and key — it’s also an exercise in managing people.”
Web Resources:
Small Business Computer Security Checklist