Keeping your office secure is most likely high on your list of priorities, but are you sure you’re paying enough attention to your IT system? Under the UK Data Protection Act, you can face fines and criminal charges if you don’t take the correct steps towards keeping your business’ IT system secure. Fortunately, the government and GCHQ offer guidance on making this easier.
Make sure your staff are IT savvy
While the ins and outs of IT security may seem obvious to some, others need a little guidance. Make sure staff are aware that they should not write their passwords down, encourage them to set secure passwords in the first place, and offer training on keeping the system secure. Many staff may also need some of the less obvious rules explained to them, for example only using specific web browsers, not accessing certain features from their mobile phones or tablets, and not using work emails for personal purposes. Finally, stress the importance of not downloading software or MP3s, as this is an easy way to invite malware onto your business’ IT system.
Make sure staff are safe when working from home
Working from home offers staff members with difficult commutes a little more flexibility. However, they need to ensure their anti-virus systems are robust and up-to-date, so your information doesn’t get lost. You may want to consider strengthening your office’s intranet security if staff are accessing it from home. If you do allow staff to access work files using mobiles or tablets, ensure they are secure against new threats.
Limit removable media access
Do you or your staff like to use USB sticks? While this is a handy way to make information move smoothly between departments, it’s also an easy way to lose important information. Consider limiting access to these devices, or restricting their use. When they are used, ensure they are well protected by your IT department.
Grant access to information wisely
Not all of your staff will need the same user privileges as each other. Allowing more senior members of staff to access everything is sometimes common sense, but it doesn’t make sense to allow everyone to access highly classified information. Along with your security and IT department, decide who can access what information and how you’ll grant user privileges.
Manage risks wisely
The chances are, your business will experience a security breach at some point. While you can’t always prevent them, there are plenty of opportunities to manage them. With your IT department, find ways to manage incidents as they arise. In addition, regularly review incidents and adapt your risk management plan accordingly. The more you learn from your IT mistakes, the better.
Watch out for unusual activity
Unusual activity could indicate that something is amiss when it comes to your IT system. For example, if your offices are based in London and you notice a high degree of activity coming from Los Angeles, you may want to assume that something isn’t quite right. Similarly, look for unusual activity among your staff members, such as people repeatedly trying to gain access to systems they don’t have permissions for.
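The two checks described above (logins from an unexpected location and repeated attempts to reach systems a user has no permission for) can be run over an access log. The script below is an added example, not part of the original article; the log format, the country codes, the expected-country list and the threshold of three denials are all assumptions, and the log lines are constructed sample data.

```python
from collections import Counter

# Constructed sample events (not real logs):
# timestamp, user, source country, event, resource
SAMPLE_LOG = """\
2024-03-04T09:01:12Z alice GB LOGIN_OK vpn
2024-03-04T09:03:40Z bob GB LOGIN_OK vpn
2024-03-04T09:05:02Z bob GB ACCESS_DENIED payroll
2024-03-04T09:05:09Z bob GB ACCESS_DENIED payroll
2024-03-04T09:05:15Z bob GB ACCESS_DENIED hr-records
2024-03-04T09:20:31Z carol US LOGIN_OK vpn
2024-03-04T09:21:05Z carol US LOGIN_OK mail
2024-03-04T09:30:00Z alice GB ACCESS_DENIED payroll
this line is malformed
"""

EXPECTED_COUNTRIES = {"GB"}  # assumption: staff normally connect from the UK
DENIED_THRESHOLD = 3         # assumption: 3+ denials per user warrants review


def parse(log_text):
    """Yield 5-field event tuples, skipping lines that do not match the format."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 5:
            yield tuple(fields)


def find_unusual_activity(log_text, expected=EXPECTED_COUNTRIES,
                          threshold=DENIED_THRESHOLD):
    """Return (foreign_logins, repeated_denials) for manual review."""
    foreign = Counter()
    denied = Counter()
    for _ts, user, country, event, _resource in parse(log_text):
        if event == "LOGIN_OK" and country not in expected:
            foreign[(user, country)] += 1
        elif event == "ACCESS_DENIED":
            denied[user] += 1
    repeated = {user: n for user, n in denied.items() if n >= threshold}
    return dict(foreign), repeated


if __name__ == "__main__":
    foreign, repeated = find_unusual_activity(SAMPLE_LOG)
    for (user, country), n in foreign.items():
        print(f"REVIEW: {user} logged in {n}x from unexpected country {country}")
    for user, n in repeated.items():
        print(f"REVIEW: {user} was denied access {n}x")
```

A single denial, such as the one recorded for alice, stays below the threshold, so one mistyped link does not raise a flag.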
Malware and virus protection
No matter what kind of system you’re operating, malware and virus protection is essential. Not only is it necessary to have a system in place, you must ensure the one you choose is appropriate for your business’ size. This may mean approaching a professional consultant. In addition, you should review your system’s needs on a regular basis, or when there are any major changes to your office or team.
Network security
Depending on the size of your business, you may want to look at the security of its personal network too. Make sure you manage the network’s perimeter so that important information doesn’t slip through and nothing malicious comes in. In addition, you should test security controls regularly.
Small to medium-sized businesses may find that they do not need to do as much to keep their networks safe. However, it is important to stay on top of security no matter how large or small your business is. This means reviewing needs regularly, consulting with professionals, and testing systems. When problems like malware and viruses do arise, ensure they are tackled as soon as possible. With a consistent approach, businesses can keep data protected, and avoid costs to their finances and reputations.