No matter how rigorous you think you
are in protecting your business against security breaches or other risks,
there's always room for improvement. Here are six simple steps you can put in
place right away that can have a significant impact on reducing your business'
exposure to risk:
1. Have a written code of conduct. Writing down rules and repercussions for
poor behavior is the best way to make sure your employees know what's expected
of them, as well as the consequences for risky or inappropriate behavior. Offer
a copy of the code to new hires, and whenever changes are made, provide updated
copies to all employees. Also be sure to review it frequently so it can evolve
as your company grows.
2. Maintain ample office security. Make sure to install adequate locks on
doors, windows, desks, file cabinets and individual rooms in your office, and
keep a close eye on keys. Make sure employees change passwords frequently and
adhere to your company's BYOD policy (you do have one, right?). Install cameras
and motion detectors as needed, and be sure to use adequate lighting in all
areas, especially near entrances and exits.
3. Schedule regular security audits. Make time to regularly check documents in
your employees' possession, both at their work station and on their computers.
The idea is not to penalize employees, but rather to identify risky behaviors
or practices where your company can improve its overall security. Once areas in
need of improvement have been identified, devise and implement strategies to
overcome these weaknesses ASAP.
4. Shred monthly -- or weekly. Pretty self-explanatory; don't leave sensitive
documents around. This includes not only your company information, but
information provided by your customers. Put a shredding day on your calendar
every month or week, and then be sure to stick to it.
5. Restrict computer access. While all your employees may need to access
computers to do their jobs, they probably don't all have to be able to reach
every document or file you have stored on your computer network or in your
company cloud. Designating clearance levels lets you decide who has access to
what, and can be a powerful step in reducing the risk of security breaches and
inadvertent -- or intentional -- information leaks.
6. Have an emergency plan in place. You and your employees should know what to
in case of a fire, theft, natural disaster or other emergency situation to
avoid unintentional security breaches. Like the code of conduct, you plan needs
to be written down and provided to all employees. Review it at staff meetings
to make sure it's understood.