THE FIRST step to managing your IT security risk is to understand some threats your business can be exposed to. At Innessco, we have three categories of threats: Random, Accidental and Deliberate.
- Your documents are encrypted and you are required to pay a ransom to decrypt them (Cryptolocker-style virus)
- A virus infects your IT system and generates so much activity that normal computer use is not possible (Denial of Service)
- Staff member loses mobile phone or laptop with email and/or business documents stored on it
- Staff member accidentally deletes files from a file server
- Staff member takes corporate documents for private use (or distributes to unauthorised parties)
- External party targets your organisation for sensitive information
3 Basic Steps for improving your IT security straight away
Before you start looking at sophisticated systems and expensive solutions, make sure you have covered off the basics for IT security.
1. Apply Windows Updates Monthly – to your servers and workstations. Run a management report to verify successful application. Did you know that when Microsoft releases Windows Updates it actually publishes details of the security vulnerability? This increases the risk of deliberate threats to your firm.
2. Implement a Virus Scanner that has a central management console. Again, run a management report to verify that the virus definitions have been successfully applied.
3. Treat passwords seriously. A slip in your system allows easy unauthorised access, so make sure you:
a. Don’t have the same password for all users.
b. Don’t reveal your personal password to anyone
(use application security settings to share access, e.g. mailbox delegation).
c. Configure your system to require passwords with capital letters, numbers and special characters.
d. Configure your system to disable an account after five password failures.
Once you have these first principles in place, you can begin to consider more sophisticated solutions. The next step I recommend is to make sure you have a secure document management system that enables document level security, versioning and auditing.
Robert Cox helps law firms solve their IT problems as a director at Innessco.