Tag Archives: Information Security Recommendations

Information Security – Who needs it? Law Firms Do!

You own or manage a law firm and have a lot of important cases. But are you taking information security seriously? If not, you are exposing your clients and your firm to potential negative ramifications, as evidenced by several Atlanta law firms that failed to secure sensitive documents. Due to poor information protection practices, several law firms dumped sensitive documents containing case information, W2 information, bankruptcy files, and old checks, among other data, directly into an insecure location. When some of the original documents were traced back to a firm, it was learned that the employee who performed that action was instructed to dispose of the documents in a large dumpster that was believed to be a secure site. The original article linked above quoted the employee as saying “My understanding is that once stuff goes in nobody can take anything out because it’s very deep.”

Business Risk

By failing to secure sensitive client information, the law firm exposed itself to liability lawsuits and damage to its reputation as a trustworthy representative of its clients.

Information Security Lessons Learned

  • Sensitive information residing in physical form should not just be thrown out. More thorough destruction techniques such as shredding or incineration are necessary to safely eliminate records that have outgrown their usefulness. You could also consider hiring a firm that specializes in these activities, but be sure to audit their compliance on occasion.
  • Sensitive electronic media should be secured by overwriting it, as detailed in a previous article.
  • Once you have implemented effective techniques as outlined above, educate your employees on how to perform the desired actions and audit their compliance on a periodic basis.

Remember, simply putting information in a dumpster does not equal information security!


Information Security – Top 10 Items your Business Needs to Do Now

1. Protect your laptops, desktops, and servers

Your company's laptops, desktops, and servers are likely critical for most of your major business processes, from customer management to invoicing, accounting, and payroll. If your systems are not available for use, you cannot perform these activities and keep your business operating effectively. Worse yet, if your devices have been compromised, your data is not secure and it can be deleted, manipulated, or misused for financial gain by cyber criminals. Simply put, keeping your systems secure helps keep your business secure.

2. Separate your network from the Internet

Your network is your business's pathway to the Internet and to interactions with customers, suppliers, and other business partners. Your network also gives those seeking to do harm potential access to your company’s systems, so it is important to follow good network security practices to prevent unwanted access. Keeping the bad guys out while allowing needed business activities to happen is the name of the game.

3. Online Banking Security

Online banking is convenient and can be a real productivity enhancer for individuals and businesses alike. It is also filled with perils, especially for businesses that are not afforded the same liability limits that individuals enjoy. If something goes wrong with your online banking, does the bank really have your best interests at heart?

4. Backup your critical data

Most of the protection areas discussed focus on insiders or outsiders intent on causing trouble, but sometimes equipment just fails. Are you prepared if you suffer hard drive failures on critical systems, or would you lose critical data that could potentially put you out of business? Back it up and get the peace of mind that you can recover if your hardware has an issue. Systems are easily replaceable, but the data often is not.

5. Follow good password practices

Unless you have implemented more advanced controls, passwords are likely your primary method for controlling access to various accounts and sensitive data. Despite years of repeated attempts to educate end users about what makes a good password, many people still make easily avoidable errors. Don’t be one of them: follow good password practices and you will come out ahead.

6. Educate your employees about information security

A company may spend a significant portion of its revenue on information security, but if its end users have not been properly educated, all of that can be easily defeated by a crafty intruder. Fake emails, known as phishing, have greatly improved in quality and can often fool even observant employees. What will your employees do when they receive an email they think is coming from you but is sent from a suspicious email address?

7. Physical security

An information security protection program is only as good as the physical security in place protecting the assets. If someone can steal the device or gain unauthorized physical access to it, all other protection measures can be of little value.

8. Secure your wireless networks

Everyone is using wireless these days; it is convenient and helps facilitate business. It is also very insecure right out of the box, so it is important to implement best practice security solutions to ensure your networks are safe.

9. Encrypt sensitive files

Passwords are a first line of defense, but oftentimes they alone are not adequate to truly secure sensitive data such as employee records, customer lists, and credit cards. Loss of this data can subject a company to legal fines and embarrassing customer notification expenses, so it is important to take additional measures to protect this data and give your business stakeholders comfort that you are doing the right thing to protect their sensitive data.

10. Securely remove data off of old devices

When you get rid of old computers, servers, network devices, and printers, your job is not yet done. These devices will walk out the door with sensitive company information on them if you do not put in place proper measures to cleanse them prior to removing them.

Remember, keep an eye out for our detailed implementation advice for each of these top 10 items, coming soon!