Usually when I talk to people about computer security, I discuss software updates, firewalls, and malware protection; however, there is another important aspect of computer security to keep in mind: the humans who work for you. Unfortunately, most security vulnerabilities start with an employee, either overtly or inadvertently. In part 1 of this article, I will discuss how to find and prevent overt security breaches.
Overt Security Breaches
As a business owner or manager, you hope that the people who work for you are honest. Unfortunately, there are people who will take advantage of the freedoms the company gives them. Whether it is taking a ream of paper and some pens home, or stealing confidential company information, all theft is very damaging to the company.
The first defense that you should consider in protecting yourself against overt breaches is to perform thorough background checks on all employees hired by your company. A good background check should be deep and probing, covering past history, including any criminal convictions, errors on resumes, and personal reference checks. For more information on what you should be doing, you can read this article.
The second line of defense is to limit the access that each employee has to your computer network. Each user should have only the permissions required to perform their work. It is strongly recommended not to give administrative computer rights to individual users. Do not have a "Public" network folder that all files are stored in; rather, separate file storage by group, and limit what each employee has access to. Make sure confidential client data, such as credit card numbers, account information, and business information, is only accessible by individuals who have to have access to that information. The credit card processing industry has come up with a set of standards for payment information called PCI Compliance. For more information on how this applies to you, visit their website.
Finally, most security breaches are caused by 3 things: the need, the willingness and the opportunity. Make sure you understand whether your employees have "the need" to steal from you. This is the human aspect of security. Listen to what they say around the office. Watch for any strange behaviors. Finally, be aware of and monitor the work being performed. There is a good article that focuses on the behaviors to look for in your employees.
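One way to check the group-separated storage advice above is to audit the shared storage root for anything left open to every user. This is an added example, not from the original article; it assumes the file server exposes POSIX permission bits (the article does not name an operating system), and the folder and file names are constructed sample data.

```python
import os
import stat
import tempfile

def audit_share(root):
    """Return sorted (relative_path, problem) findings under a shared-storage root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink permission bits are not meaningful
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif mode & (stat.S_IROTH | stat.S_IXOTH):
                findings.append((rel, "world-accessible"))
    return sorted(findings)

def build_sample_tree():
    """Create a constructed sample tree: one 'public' dump folder, two group folders."""
    root = tempfile.mkdtemp(prefix="share-audit-")
    layout = [
        ("public", 0o777, None, None),           # the anti-pattern: open to everyone
        ("finance", 0o770, "cards.csv", 0o660),  # owner and group only
        ("sales", 0o770, "leads.csv", 0o644),    # file readable by all users
    ]
    for folder, dmode, fname, fmode in layout:
        dpath = os.path.join(root, folder)
        os.mkdir(dpath)
        if fname:
            fpath = os.path.join(dpath, fname)
            with open(fpath, "w") as fh:
                fh.write("constructed sample data\n")
            os.chmod(fpath, fmode)
        os.chmod(dpath, dmode)  # chmod explicitly so the umask cannot mask bits
    return root

def demo():
    """Audit the constructed tree and return the findings."""
    return audit_share(build_sample_tree())

if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{problem:17} {rel}")
```

The `sales/leads.csv` finding shows why files need checking as well as folders: the 0770 folder above it blocks outsiders today, but the file's own permissions would expose it if it were moved or the folder were loosened.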
Your understanding of how your computer systems work and how your employees are using them is essential to providing good human security to your company. This all applies to companies small and large. Vigilant focus on human security can save your company money, time and credibility.