It’s the call that no corporate security expert wants to take.
“We’ve been compromised. We have to shut down, keep everyone safe, then figure out how this happened.”
This was exactly the scenario earlier this month when a Washington-based company, Tech Systems, had to shut down after an employee allegedly sabotaged sensitive servers. Following the incident, the CEO ordered a comprehensive audit of its physical and computer security protocols by external consultants.
Here are some basic questions to answer in preparing your own regular security audit checklist.
How secure are your access points …? Look at all the obvious entrances from the perspective of someone who really wants to get in and is willing to use force and/or clever angles to do so. This includes all doors and windows. Then look for non-obvious access points, such as the roof/ceiling and – for small businesses in strip malls – adjacent walls. How secure are these locations against someone motivated to break in? And what protocols do you have in place for visitors?
If you have a security system, what is it set up to do …? Some companies and homeowners mistake components for systems, when in fact the former don’t always add up to the latter. Good security systems – regardless of their overall size – should be comprehensive and integrated, with all components in good working order. And if your physical situation changes – through a retrofit or expansion – then the security system should evolve accordingly.
What about your servers …? It’s hard to think of a business that doesn’t have sensitive information in digital form – be it in the cloud and/or physically on site. This makes IT security of paramount importance for every company, and every server. So ask yourself: are your servers securely locked up, with proper system redundancies and HVAC ventilation? Have you restricted access to the servers to trained and trusted IT professionals? Do you have off-site back-ups?
What security training does your staff have …? As the Tech Systems example shows, many security breaches come from the inside. And while you can’t eliminate all negative behavior by staff, you can set up regular security training and monitoring that keeps staff secure while also securing your company from staff.
Some calls you really want to take in business. Others you could live without. Doing regular security audits will bring some peace of mind that a call about a security breach is not on your near horizon.