Security Jungle - Part 3 of 3

In the first and second parts of this series, we outlined easy-to-follow security best practices for home users and for employees who work in corporate environments.

Many large firms enjoy the benefits of a full-time security officer, while SMB owners have to fill the security role themselves. Security is a vital part of every single business today. Parts 3 and 4 focus on management responsibilities, both for small and medium businesses and for larger corporate environments.
[Based largely on the “COBIT Security Baseline” – ITGI.ORG]

  • Staff should know the security dos and don’ts. Create a basic set of security policies that can be enforced.
  • Make sure staff understand the need to protect business information. This information is confidential.
  • Segregate duties: for critical tasks, two people should be responsible, both to provide backup and to avoid collusion.
  • All managers must make sure privacy, intellectual property rights, and other legal, regulatory, contractual and insurance requirements are protected or met. Fines and penalties may apply.
  • Ensure that your technical environment is supported by security measures (backup, firewalls, intrusion prevention systems, patching, virus protection, etc.).
  • Assess risks to your business and mitigate or transfer them. Prepare disaster recovery plans.
  • Ensure that user access and connectivity for internal and external users are controlled.
  • Prepare procedures for security incidents. Make sure incidents can be identified, monitored and acted upon.
  • Make sure your computers and data are protected from theft, damage or loss.
  • Make sure all your data is kept on a server. Harden the server and lock it up!
  • Physical protections (e.g., against heat, dust and electrical problems) should be in place.
  • When using external resources, don’t give them the “keys to the kingdom”. Lock down their access!
  • Ensure that computer use is monitored and that usage is restricted to business purposes.
  • Finally, make sure that staff are aware that they may be held legally responsible for any security breach.