EARLY WARNING - Keeping Your Business and Its Information Safe

EARLY WARNING

Keeping Your Business and Its Information Safe


By Nikki Viljoen – Viljoen Consulting  January 2010.

I realize that for some this may be a bit like ‘closing the stable door after the horse has bolted’, since the holidays are over (mostly for another year).  That said, I don’t believe that keeping your business safe should only be done during the times that you are away on holiday.  Keeping your business safe and keeping the information and/or data pertaining and belonging to your business needs to be kept safe all the time.

Closing the doors to your business without making sure that you have all the arrangements made to keep your information (be it physical and/or electronic) safe and ensure that your business is sufficiently secure is relevant whether you are going home for the evening, or the weekend, or indeed a holiday.  We all know that the reality of the situation is that it is no longer safe just to close and lock the doors and be on our way.  Ongoing problems such as building fires and theft need to be managed, even whilst we are not ‘at the office’.

I would suggest that a checklist of things that should be done be implemented to ensure that everything is covered.  Some of the issues that need to be looked at are (but not limited to):

•    It is a good idea to make sure that your important documentation is stored in a fireproof safe or cabinet.
•    Electronic information should be properly backed up with copies of everything stored off site or in cyberspace somewhere – don’t forget to randomly test the information to make sure that it is not corrupt, especially if you are using disks and/or flash drives. Also please think about what you are doing – don’t leave your back up disks lying next to the computer and/or the external hard drive next to the computer.  If it is the hardware that thieves are after your external hard drive is just as important as the computer and if it is your information that they are after – well leaving your backups where they are easily accessible is just not clever!
•    If the ‘back ups’ of your electronic data is outsourced to someone, make sure that they are actually doing the back ups – insist on a report of some sort (every time that they do the back up) that evidences that a back up has in fact taken place.
•    Ensure that the correct data is being backed up – having your photo’s safe and sound is great, but having all of your business information and all of your business transactions safe is even better!
•    All the usernames and passwords pertaining to your IT department should be kept on record, somewhere safe (irrespective of whether or not they already have this information on record or not) in case of an emergency.  It is of the utmost importance that the business owner and/or at the very least, their assistants have this information.  This should include (but not be limited to) passwords and user names for all system administrator accounts, websites, applications, intranet sites and business solutions etc.
•    Get the employees to assist you – have a good walk around and have a look at potentially weak and/or dangerous areas, especially those that are cluttered.  Look for wall plugs (or even plugs on extension cords) that are overloaded, or emergency exits and/or fire exits that are blocked.  Don’t ignore things like faulty lights (they could mean an electrical fault that could cause a fire) or broken windows.  Test alarms (in fact alarms should be tested on a regular, irregular basis and a full report should be submitted from your service provider on a monthly basis so that you can see if alarms are set when they are supposed to be etc) and electric fences to ensure that they are in good working condition.  This would also obviously apply to those who have things like smoke detectors and smoke alarms and the like.
•    Access to your premises both after hours as well as when you are away should also be monitored, especially if you have a skeleton staff on duty or no staff at all.  People floating about, when there shouldn’t be anyone about at all could be a potential problem.
•    Make sure that security personnel know exactly who is allowed access and who isn’t.  Make sure that your security personnel check the perimeter on a regular, irregular basis and that they report on everything that is both normal and out of the norm.  Incident logs are necessary, especially after hours or when the company is closed for the holidays.
•    Keys, passwords and access cards should be monitored and audited on a regular basis.  In fact, as part of your ‘exit interview’ the return of keys, changing of passwords, return of access cards, return of cell phone, cars, computers and everything else that is usually given to staff (and don’t forget the petrol cards and even company credit cards) should be documented and signed for. 

Nikki is an Internal Auditor and Business Administration Specialist who can be contacted on 083 702 8849 or nikki@viljoenconsulting.co.za or http://www.viljoenconsulting.co.za