White Papers Index

Creating a Security Audit

In most cases, the security solutions we choose do an exceptional job protecting our equipment; so much so, that maintaining them becomes less of a priority. Believe it or not, a lack of maintenance makes us more vulnerable than we realize, which is why having a structured and managed security audit is critical. Don’t wait until your security measures have become obsolete to begin addressing this problem. Be proactive; implement a security audit program on the first day of installation.

Crime is on the rise and everyone is looking for a chance to get ahead, even if that means leaving their integrity behind. With the threat of lost profits on the forefront of everyone’s thoughts, security has become a pressing concern for businesses and organizations, both big and small. You have to take every possible precaution to avoid over-spending. It’s hard enough just keeping your head above water right now, who needs to cross unnecessary bridges?

As an IT professional, you have worked hard to create the most productive environment for your organization. You have the best software, the best equipment, and state of the art systems. Your colleagues are more productive because of the work you have done, and your organization is more efficient. Over the years, you have even managed to secure both the inside and outside of your equipment with the very best in security solutions. But what happens when your security system is not maintained?

Lack of maintenance can lead to total system failure. (Could that sound any more tragic?) Okay, well maybe not TOTAL failure, but do you want to risk even a little failure? Probably not… so follow these steps to maintain your security system and help keep it in proper working order:

  1. Baseline or flat line? Do a full audit of your existing software and hardware. Physically go through and look at each piece of equipment to be sure the software you installed is still working and up to date. I realize this is very time consuming, but it’s the only way to build an accurate baseline. (It is certainly less time consuming than looking for a new job because a hacker broke into your company through a computer with outdated security software.) While reviewing the software, also check if the physical security components are in place and being used. On more than one occasion, I have walked through a building and seen a security cable lying on a desk next to a laptop, but not fastened to it. What’s the point of buying the darn thing if no one is making sure that it’s being used? Once you have completed the initial walk-through, you will have a better idea of what your maintenance plan should look like.
  2. Knowledge is power. During your audit, did you notice some out of date software? Turns out, most security software programs will get monthly or quarterly updates. You need to make sure these updates are installed in a timely manner, otherwise they do you no good. No one wants to lose their job because a “funny joke” email virus was running rampant through their out-of-date system and took down the whole network. So be certain to get the update schedule from your vendor, that way you’ll know exactly when to start lighting that fire under your department heads’ derrieres.
  3. Compliance is key. Chances are, during your audit, you also found some physical security gear nearby, but not in use. (You know… those ones you spent hours researching and convincing the powers that be that they’re exactly what you need.) Compliance is a little more difficult to stay on top of, as I’m sure you don’t have time to be looking over everyone’s shoulders. My suggestion is to do periodic spot checks. Pick a random floor or department, and do a mini-audit on the physical security components – sort of like a “pop quiz”. And for those who don’t pass… it’s out to the pastures for them! Or you could leave a post-it note reminding them of the purpose of that little gadget on their desk; it’s completely your choice.
  4. There’s no “I” in “team”. A chain is only as strong as its weakest link. So, even if everyone in your department is up to date and compliant, it means next to nothing if the guys down the hall are slacking off. Once you have discovered your baseline and set your expectations, it’s time to get everyone involved. Build a plan that is easy to follow, explains how maintenance will be handled, outlines what is expected, and includes steps for reporting all challenges and successes – and give everyone a copy! You may even want to have quarterly contests to reward the department with the highest security compliance. It is amazing how far a free lunch will go in motivating people.

Does this sound like a lot of work? Of course it is! But trust me, better safe than sorry. It would be a lot more work to clean up the mess when your employees come into the office one morning and find all of their hardware virus-ridden – or worse, completely gone.

Need help with the physical security portion of your audit? We have high-compliance products available. Call us at (800) 466-7636. It’s been our own personal mission to keep your equipment safe for the last 25 years.

 
.