We arrived at work on Friday to find that persons unknown (that’s the polite term for them) had smashed their way into our beloved studio and helped themselves to some of our valuable computer kit. Of course all our client work was safely backed up but it was a pain to clean up the broken glass, buy new hardware, transfer files onto new machines, deal with the police, sort out the insurance, and write about it on Facebook and on this blog.
When disaster strikes you either kick yourself for not being better protected or breathe a huge sigh of relief that you took precautions and prevented an even worse situation. How would you fare if something happened to your business IT?
It’s not just burglary you need to think of. Cyber security means protecting your hardware, software, sensitive data and intellectual property from unauthorized access, distortion, theft, or damage, by setting up good policies and processes. Yawn..! Yes – it’s not exciting but it IS important – especially if it’s important to your customers.
First you need to audit what you need to protect – your equipment, client data, proprietary content, product/pricing/contract details, and other information such as your customer databases, financial details, and key documents.
Then brainstorm all the risks or threats to your IT security – these include malicious attacks from viruses, hacking, employees stealing or deleting information, anonymous criminals and competitors, as well as accidental or negligent situations like losing a USB stick, having a corrupt hard drive or a mouse chewing through your cables. The risks might even come from your 3rd party suppliers – what do they provide in their service level agreements?
Then for each risk consider what impact it would have on your business such as loss of revenue, lost client work - and also what indirect consequences might occur, such as clients losing faith, damage to your reputation or the cost of your time in dealing with an incident.
Work out how you can address and mitigate each risk – and put processes in place. How will you back up your data - and back up your back-up? How will you protect and update passwords? How will you store laptops overnight? How will you ensure you don’t let your website domain expire? Check what personal data protection legislation or payment card industry regulations you need to comply with. Ensure your staff are trained and have appropriate levels of password access to systems. You might want to consider:
What is your recovery plan for each of these scenarios occurring? Who you gonna call? How quickly can you detect something going awry and act to minimize or fix it?
Hopefully you will never know the major inconvenience and swear words emitted when IT goes wrong – but there is a lot you can do to protect yourself and reduce your chances of it disrupting your business.
If you see anyone offering a Macbook Pro with the serial number C2QLN05CFFT0, C2QN204VFD56 or 14938001YP3 – they are ours! Please let us know or call the police.