Thursday, January 28, 2010

EARLY WARNING - Keeping Your Business & Its Information Safe


By Nikki Viljoen – Viljoen Consulting January 2010.

I realize that for some this may be a bit like ‘closing the stable door after the horse has bolted’, since the holidays are over (mostly for another year). That said, I don’t believe that keeping your business safe should only be done during the times that you are away on holiday. Keeping your business safe, and keeping the information and/or data belonging to your business safe, needs to stay relevant all the time.

Before you close the doors to your business, you need to have all the arrangements in place to keep your information (be it physical and/or electronic) safe and your business sufficiently secure. This is relevant whether you are going home for the evening, or the weekend, or indeed a holiday. We all know that the reality of the situation is that it is no longer safe just to close and lock the doors and be on our way. Ongoing problems such as building fires and theft need to be managed, even whilst we are not ‘at the office’.

I would suggest that a checklist of things that should be done be implemented to ensure that everything is covered. Some of the issues that need to be looked at include (but are not limited to):

• It is a good idea to make sure that your important documentation is stored in a fireproof safe or cabinet.
• Electronic information should be properly backed up, with copies of everything stored off site or in cyberspace somewhere – don’t forget to randomly test the information to make sure that it is not corrupt, especially if you are using disks and/or flash drives. Also, please think about what you are doing – don’t leave your backup disks and/or the external hard drive lying next to the computer. If it is the hardware that thieves are after, your external hard drive is just as important as the computer, and if it is your information that they are after – well, leaving your backups where they are easily accessible is just not clever!
• If the backups of your electronic data are outsourced to someone, make sure that they are actually doing the backups – insist on a report of some sort (every time that they do the backup) that evidences that a backup has in fact taken place.
• Ensure that the correct data is being backed up – having your photos safe and sound is great, but having all of your business information and all of your business transactions safe is even better!
• All the usernames and passwords pertaining to your IT department should be kept on record, somewhere safe (irrespective of whether or not the IT department already has this information on record), in case of an emergency. It is of the utmost importance that the business owner and/or, at the very least, their assistants have this information. This should include (but not be limited to) passwords and usernames for all system administrator accounts, websites, applications, intranet sites and business solutions, etc.
• Get the employees to assist you – have a good walk around and have a look at potentially weak and/or dangerous areas, especially those that are cluttered. Look for wall plugs (or even plugs on extension cords) that are overloaded, or emergency exits and/or fire exits that are blocked. Don’t ignore things like faulty lights (they could mean an electrical fault that could cause a fire) or broken windows. Test alarms (in fact, alarms should be tested on a regular, irregular basis and a full report should be submitted from your service provider on a monthly basis so that you can see if alarms are set when they are supposed to be, etc.) and electric fences to ensure that they are in good working condition. This would also obviously apply to those who have things like smoke detectors and smoke alarms and the like.
• Access to your premises, both after hours and when you are away, should also be monitored, especially if you have a skeleton staff on duty or no staff at all. People floating about when there shouldn’t be anyone about at all could be a potential problem.
• Make sure that security personnel know exactly who is allowed access and who isn’t. Make sure that your security personnel check the perimeter on a regular, irregular basis and that they report on everything that is both normal and out of the norm. Incident logs are necessary, especially after hours or when the company is closed for the holidays.
• Keys, passwords and access cards should be monitored and audited on a regular basis. In fact, as part of your ‘exit interview’, the return of keys, changing of passwords, return of access cards, return of cell phones, cars, computers and everything else that is usually given to staff (and don’t forget the petrol cards and even company credit cards) should be documented and signed for. When auditing, make sure that all the keys, passwords and access cards are accounted for. Authorization for cutting of keys, etc., should be strictly controlled.
• Auditing on a regular, irregular basis of who has access to the online systems, such as banking, etc., is also of vital importance, especially if there is no dual control of passwords or authorization of transactions required. It really would be quite a disaster if you came back from holiday to find that the bookkeeper has emptied out the coffers and is now on permanent holiday somewhere in the Cayman Islands! In fact, if the offices are closed and there is no need for anyone to access the bank accounts, it might be a good idea to have the bank block access until the return of the relevant staff and/or when the business re-opens.
• If there is a skeleton staff on duty, make sure that proper handovers are done and documented.
• Make sure that passwords are changed on a regular, irregular basis, to keep them safe and secure.
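
One way to carry out the random backup test from the list above, as an added example that is not part of the original article: the script picks files at random from the live data, compares each with its backup copy by SHA-256 hash, and returns a report that can be filed as evidence. The folder names, file names and function names are assumptions made for the illustration.

```python
import hashlib
import random
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def spot_check(source, backup, sample_size, seed=None):
    """Compare a random sample of source files with their backup copies."""
    source, backup = Path(source), Path(backup)
    files = sorted(p for p in source.rglob("*") if p.is_file())
    sample = random.Random(seed).sample(files, min(sample_size, len(files)))
    report = {"checked": len(sample), "ok": [], "missing": [], "mismatch": []}
    for src in sample:
        rel = src.relative_to(source)
        copy = backup / rel
        if not copy.is_file():
            # The file was never backed up: the wrong data is being saved.
            report["missing"].append(str(rel))
        elif sha256_of(copy) != sha256_of(src):
            # Either the copy is corrupt or the original changed after
            # the backup ran; both cases need a person to look at them.
            report["mismatch"].append(str(rel))
        else:
            report["ok"].append(str(rel))
    return report

def demo():
    """Run the check on constructed sample data in a temporary folder."""
    docs = {"invoices.csv": b"2010-01-28,1001,450.00\n",
            "ledger.csv": b"2010-01-28,bank,-450.00\n",
            "contracts.txt": b"Supplier agreement, signed.\n"}
    with tempfile.TemporaryDirectory() as tmp:
        src, bak = Path(tmp, "office"), Path(tmp, "backup")
        src.mkdir()
        bak.mkdir()
        for name, data in docs.items():
            (src / name).write_bytes(data)
        (bak / "invoices.csv").write_bytes(docs["invoices.csv"])  # good copy
        (bak / "ledger.csv").write_bytes(b"2010-01-28,ba")        # damaged copy
        # contracts.txt is deliberately left out of the backup
        return spot_check(src, bak, sample_size=3, seed=1)

if __name__ == "__main__":
    print(demo())
```

Run it against the real data folder and a restored copy of the backup, and keep each report alongside the service provider's own backup reports.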

Putting a checklist in place and making the relevant employees sign off, evidencing that all of the above (and any other requirements that you may have) has been done, will go a long way to ensuring the safety of your business and the information/documentation/data that is relevant to your business. As usual, being proactive is a lot easier and a lot cheaper in the long run than being reactive.

Nikki is an Internal Auditor and Business Administration Specialist who can be contacted on 083 702 8849 or nikki@viljoenconsulting.co.za or http://www.viljoenconsulting.co.za
