Creating a Security Audit
In most cases, the security solutions we choose do an exceptional job protecting
our equipment; so much so, that maintaining them becomes less of a priority.
Believe it or not, a lack of maintenance makes us more vulnerable than we
realize, which is why having a structured and managed security audit is
critical. Don’t wait until your security measures have become obsolete
to begin addressing this problem. Be proactive; implement a security audit
program on the first day of installation.
Crime is on the rise and everyone is looking for a chance to get ahead,
even if that means leaving their integrity behind. With the threat of
lost profits on the forefront of everyone’s thoughts, security
has become a pressing concern for businesses and organizations, both
big and small. You have to take every possible precaution to avoid over-spending.
It’s hard enough just keeping your head above water right now,
who needs to cross unnecessary bridges?
As an IT professional, you have worked hard to create the most productive
environment for your organization. You have the best software, the best
equipment, and state of the art systems. Your colleagues are more productive
because of the work you have done, and your organization is more efficient.
Over the years, you have even managed to secure both the inside and outside
of your equipment with the very best in security solutions. But what
happens when your security system is not maintained?
Lack of maintenance can lead to total system failure. (Could that sound
any more tragic?) Okay, well maybe not TOTAL failure, but do you want
to risk even a little failure? Probably not… so follow these steps
to maintain your security system and help keep it in proper working order:
-
Baseline or flat
line? Do
a full audit of your existing software and hardware. Physically
go through and look at each piece of equipment
to be sure the software you installed is still working and up to
date. I realize this is very time consuming, but it’s the only way to
build an accurate baseline. (It is certainly less time consuming than
looking for a new job because a hacker broke into your company through
a computer with outdated security software.) While reviewing the software,
also check if the physical security components are in place and being
used. On more than one occasion, I have walked through a building and
seen a security cable lying on a desk next to a laptop, but not fastened
to it. What’s the point of buying the darn thing if no one is making
sure that it’s being used? Once you have completed the initial
walk-through, you will have a better idea of what your maintenance
plan should look like.
-
Knowledge is power. During
your audit, did you notice some out of date software? Turns out,
most
security software programs will get monthly
or quarterly updates. You need to make sure these updates are
installed in a timely manner, otherwise they do you no good.
No one wants to
lose their job because a “funny joke” email virus was
running rampant through their out-of-date system and took down
the whole network.
So be certain to get the update schedule from your vendor, that way
you’ll
know exactly when to start lighting that fire under your department
heads’ derrieres.
-
Compliance is key. Chances
are, during your audit, you also found some physical security
gear nearby,
but not in use. (You know… those
ones you spent hours researching and convincing the powers that
be that they’re exactly what you need.) Compliance is a little
more difficult to stay on top of, as I’m sure you don’t
have time to be looking over everyone’s shoulders. My suggestion
is to do periodic spot checks. Pick a random floor or department,
and do a mini-audit on
the physical security components – sort of like a “pop
quiz”.
And for those who don’t pass… it’s out to the
pastures for them! Or you could leave a post-it note reminding
them of the purpose
of that little gadget on their desk; it’s completely your
choice.
-
There’s no “I” in “team”. A
chain is only as strong as its weakest link. So, even if everyone
in your department
is up to date and compliant, it means next to nothing
if the guys down the hall are slacking off. Once you have discovered
your baseline and
set your expectations, it’s time to get everyone involved.
Build a plan that is easy to follow, explains how maintenance
will be handled,
outlines what is expected, and includes steps for reporting
all challenges and successes – and give everyone
a copy! You may even want to have quarterly contests
to reward
the department with the highest security
compliance. It is amazing how far a free lunch will go
in motivating people.
Does this sound like a lot of work? Of course it is! But trust me, better
safe than sorry. It would be a lot more work to clean up the mess when
your employees come into the office one morning and find all of their
hardware virus-ridden – or worse, completely gone.
Need help with the physical security portion of your
audit? We have high-compliance products available. Call us
at (800) 466-7636. It’s
been our own personal mission to keep your equipment
safe for the last 25 years.