When businesses look to improve security, the majority look at large, costly, technical changes which could be completely unnecessary. Yes it is important to have the fundamentals like CCTV, firewalls, antivirus protection and depending on the size of your business you may even need security cards or fobs for entrance. However a lot of security comes from the nature within your business, and a lot of this can be changed without even spending a penny.
Screen protection –
An easy way of changing the security nature in your business is educating your team on the importance of screen protection. Users often leave their desks without locking their computers, leaving your data and network exposed. Every business should make it a critical procedure for every team member to lock their computers when leaving their desk, especially those who are high level targets and have access to sensitive data.
There are cheap ways of improving screen protection in your business as well. Purchasing privacy screens or filters for monitors used by high level targets or users dealing with sensitive data can make a huge difference and make it difficult for anyone snooping around. Although it may seem farfetched, screens facing windows should also be thought about as you never know who is walking by.
Doors, draws and printed data –
Sometimes locking the front door just isn’t enough, a lot of businesses have rooms and draws filled with sensitive information that needs that little extra protection. Consistently keeping these doors and draws locked and minimising the amount of team members who have access to the keys and codes is another small change to the nature of your business that can make a huge difference. Take your server room for example, this is the very core to your business and should be locked at all times, with only the IT administrators with access.
Team members have an annoying habit of printing more data than is needed. Not only is it killing the environment it could also be killing your business. Educating your users on the importance of only printing what is needed and creating critical procedures for disposing printed data correctly is yet another easy and effective way to increase security.
Having designated printers for select teams, or having ‘follow-you’ printers can not only protect data but also limit paper waste, saving your business money in the long run.
Folder permissions and data access –
Users should only be allowed access to the data that they need to complete their assigned jobs and tasks. Creating an environment where users have access to heaps of data that is unnecessary for their job role is a threat to your business if for example their credentials got into the wrong hands. Speak to your IT team about your drive and folder structure and see if there are ways of decreasing the amount of access users have to data.
Something that the majority of users ask for is emails on their personal devices. When users add email accounts to their devices a downloaded copy of the data is stored. If for example the user leaves, changing the password or disable access to the account will not remove this downloaded copy from the device unless the users removes the account.
When a user asks to add their work emails on their devices you should think whether it is necessary for them to do so. One way of protecting your business from this is to provide users with devices owned by your business e.g. a work mobile, however this does not protect your business in the case that a device is lost or stolen. The best way to allow your team to access emails externally while protecting your business is instructing them on how they can access their emails using an online web portal.
Another critical procedure your business should have is a checklist of things to do when a team member leaves. This procedure should be done before they leave the door, think about the following;
- Disable accounts (emails, domain account)
- Change passwords (emails, domain account, any business related online accounts)
- Collect business property (work devices such as laptops and phones, any files/folders they have)
These are just a few ways that you can drastically improve the security in your business without the large bill at the end. Changing the security nature in your business with critical procedures, and educating your team will be the difference.