Research shows that over 75% of businesses are increasingly experiencing unexpected unavailability of their critical business systems due to IT security intrusions(2). There are many components to consider when developing and implementing a security plan to protect your company's data and systems including virus scanning, firewalls, protecting wireless network, encryption, installing patches, and actively monitoring for intruders. There is no one-size fits all strategy, but there are some basic elements that cyour company's data and systems including virus scanning, firewalls, protecting wireless network, encryption, installing patches, and actively monitoring for intruders. There is no one-sizompanies should adhere to when it comes to IT security. 1. Management Support: The first step is ensuring that your senior management team understands and supports the value of a solid IT security plan. 2. Develop & Implement: Develop and implement a solid security policy and procedure. This should cover everything from the severs to the workstations to the level of access current employees have to what measure should be taken when an employee leaves the company. Document all of the IT assets including the data and information that needs to be protected, and spend the most resources protecting what is most important. 3. Designate A Point Person: Identify the best person to oversee and take full responsibility for coordinating the IT security plan. If you do not have a resource to be dedicated to this on-going project, then consider outsourcing this responsibility to a reputable and proven firm. 4. Response Plan: Create and test a formal response plan to be executed when there is a breach in your IT security plan. Be sure to document who needs to be notified and what steps should be taken. Critical time will be saved in the event of a breach and it will help minimize the overall damage. 5. Documentation & Training: Document and train employees on the established IT security policy and procedures so employees are fully aware of the scope and their responsibilities. 6. Review & Update: Frequently review and update the documentation as new security threats often arise as well as new and enhanced technology to prevent intrusions. 7. Audit: Have a security audit completed by an external firm. This outside evaluation can provide valuable insight into the flaws or potential vulnerabilities in the security plan. 8. Stay Informed: New developments are constantly emerging on vulnerabilities and new technology and it's important to stay on top of the industry changes. Summary: Businesses have to be proactive in protecting their critical business information and data. Developing, implementing, and testing a comprehensive security plan will ensure that your business does not become another statistic of IT security breaches. ITX provides our clients with the analysis and tools needed to mitigate the risk of unauthorized access, deletion, or changes to their IT infrastructures. ITX's clients have the freedom to choose the technologies that meet their specific needs and improve their business. (1) Computer Crime & Security Survey
(2 )Ernest & Young |
