After the Equifax data breach, it should be obvious why any business should audit the security of their data. Most companies keep everything from inventory lists to customer financial data. Data breaches could lead to legal and financial liability, bad publicity, and potential law suits or fines by the government. Therefore, it is important that companies have a good security plan in place to stop hackers or ransom-ware attacks.
An Audit Checklist for Data Security
Companies can minimize the risk of data intrusion with thorough security measures, regular monitoring, and immediate response. Thus, the following checklist may help you with conducting an audit of your equipment and network.
Employees and software
Companies need basic firewall protection plus virus and spyware detection in place. However, for best results, consider hiring digital security personnel to install, manage, and monitor your security tools.
Knowing which of your staff has access to data and equipment and their limits helps keep your data secure. Also, securing your equipment when it is not in use, is beneficial.
Lock unused mobile devices, company or personal, with a PIN or fingerprint ID. Additionally, employees should not access or transmit unencrypted data.
Companies need strong password policies. Included are requirements for password creation, use of separate passwords for different websites, and password expiration dates. Another option for addressing this issue is to have a password management system that creates strong passwords.
Policies and employee training
Employees are one of the largest threats to data security. They need training on: recognition of suspicious emails or links, the importance and steps required to secure their devices, the creation of strong passwords and how to safely use cloud computing. Untrained employees put your company at higher risk for a breach.
It’s crazy how often companies overlook this simple issue. Companies must wipe all hard drives before getting rid of old equipment. This includes any data stored on your old copier/printer/scanner. What about old desktop computers, tablets, smart phones, or laptops? Did the hard drives or memory get wiped in those items before they were thrown or given away?
Backup systems keep files easily accessible should a breach occur. This allows your company to get back up and running as quickly as possible if your data is broken into.
Someone may also be able to break into your office and steal your information. To protect yourself against this type of threat, companies should install a security system at the office. Also, employing encryption on your laptops, external hard drives, tablets, and company smart phones can help keep your data safe.
Security for Ongoing Success
Tracking your security audit results and the solutions that you put in place as a result is a must. You should also look over your notes any time the company adds a major piece of equipment. If you need help building your own audit or please feel free to contact us. We would love to give you peace of mind and allow you to focus on your business.