In the age of the internet is all pervasive and data flowing freely between
organizations and individuals, Hardware, Software, and Data Security have
become a pressing need for all growing organizations. To get things started
for your company has listed an approach to Security that can be implemented
on various levels at IT Company.
How to Secure IT Hardware
The first line of defense against theft should be for company hardware since
physical theft is the most common and recurring of company property
theft.
a. CCTV Cameras
The most obvious time-tested option here would be to employ CCTV cameras in
all areas of the office where devices with proprietary data are located. The
IT companies will have to install compact ceiling-mounted cameras which are
inconspicuous which should cover all active areas of the office. The only
limitation to this is the initial investment and the continuing investment
in security staff to monitor live video feed.
The cameras can be fitted with motion sensors in regions of low activity to
save on power and monitoring needs. (Howell, 2016)
b. High-Precision Motion Sensors Coupled with Night Vision Cameras
Places in an organization which have hypersensitive information stored in
purely physical or hard copy form such as defense project blueprints, or
bank Deposit vaults you will need a souped-up version of the first option
that is linked to alarms and automated doors that slam shut in case a highly
monitored zone registers unwarranted movement. Motion Sensing Night Vision
Cameras linked to alarm systems, and automated steel doors that snap shut
may be the answer here. Or the motion-sensing laser system can be used.
(Howell, 2016)
c. High Impact Low Investment Visible Deterrents
Once the first two options are covered the company will have to get down to
the specific devices for security measures. A simple act of putting up a
sticker that says “ Do not Tamper: Traceable Device” will deter many wannabe
data bandits. The company can put such stickers on key points on a laptop or
a desktop. Services such as Immobilize (RFID tag) help you mark and display
protected property. (Howell, 2016)
d. Invisible Tagging
Companies such as Retain guard and Smart Water help you tag your electronic
items such as a Laptop, Tablet, Smartphone or PC with a permanent unmovable
tag or invisible ink to tag the item of your choice. Post theft it can be
tracked easily to retrieve the said item. (Howell, 2016)
e. Multi-layered Hardware Protection
An office environment can have zones of varying vulnerability to theft and
intentional damage to data. In this case, it is best to employ a variation
of all the methods specified above to ensure maximum safety. The CCTV can be
employed throughout the office campus since its working mechanism is pretty
straightforward. In places where security is completely beyond compromise,
with the fate of the company hanging on the said physical storage of data,
Motion sensors coupled with night vision cameras and steel doors can be
employed for security.
While inside the office working environment where it is tough to oversee
every single interaction in terms of hardware exchange, you can use visible
deterrents such as Immobilize RFID tags to fend off low-level threats to
theft.
For the more persistent thieves, you can combine visible deterrents with
invisible tags to see that the thefts can be tracked down and brought to
light! (Howell, 2016)
How to Secure Software
The software that your company uses is the foundation on which your business
runs and on which your customer data is stored. The company will need to
look into this as the most important thing on your to-do list after Hardware
Security.
a. Thou shalt not fail to Update and Upgrade! , finding and fixing bugs
This is the holiest of all Software Security Commandments! Since the
software of an IT organization is the backbone of their electronic
resources, the company will need to see to it that it is being on top of any
updates or patches of the software tool that it is using, and will install
it instantly. The company’s business depends on it. Not only do software
upgrades increase the speed of your business, they see to it that any holes
in software security aren’t exposed to interested parties, whoever they may
be.
Large companies see to it that their IT admin teams take over this aspect of
updating and upgrading all software’s even remotely related to the business.
They work on the off-shift timings to install updates and clear system bugs
and see to it that the core software’s run smoothly.
Smaller companies may not have the resources to hire large admin teams to
see the regular updates are done on time. As an alternative, scanner
software can be installed which checks for updates and inform the employees
so that they can install the software patches themselves.
(MacGraw, 2011)
b. Install paid Antivirus software’s
The other major way a company can ensure the software security and prevent
additional bugs in your program software is to install paid antivirus
software to prevent internet security threats that eat into your processing
power and corrupt system files. Free antivirus software just does not pack
enough punch as much as the paid versions and even small businesses can
afford the cost of such software. (MacGraw, 2011)
c. Add Company Specific Firewalls
No matter how small a company’s IT admin team is, it can always ask the team
to develop and add custom firewalls (Software restrictions) to see that your
core company software is being used the way it is supposed to. If this step
is done right, it will prevent unauthorized logins, usage, and streamline
the usage of software resources in your IT Company. For example, if someone
is hogging internet bandwidth by using domestic applications while a
critical business deliverable upload is going on, the IT admin can script
specific application-specific firewall to see business data uploads are not
hindered. (MacGraw, 2011)
How to Secure Sensitive Data
This is no easy task and it involves locking up all your crucial business
data in layers of software security along with dedicated processing power to
ensure continued protection.
a. Decide Which Data is Important
Encryption at this level is highly complicated and even expensive therefore
the first thing you have to do is sort out the business data which is worthy
of high-level encryption and data protection. This will leave you with more
resources to offer better data protection (Data security handbook, 2008)
b. Manage Passwords and user account with different access control
effectively
Passwords are the first line of defense against data theft. Generating and
managing them can get cumbersome if they have to be changed regularly. A
company can do these using services such as the Last Pass which helps create
and manage passwords for users. Use a paid version. (Data security handbook,
2008)
c. Train the Employees on Data Security
The best tool to avoid data theft is to prevent it, by training the
workforce. Organize team meetings, webcasts or even email blasts, whatever
works best for your organization’s size and scale. But a company gets across
to its employees the best practices adopted by the company for data security
have to be adhered to. Empower your employees, Cut the problem at the root!
(Data security handbook, 2008)
d. Encryption
Encryption is the act of scrambling and coding data beyond its conventional
use to make it meaningless to an outsider without the encryption passkeys.
Services such as True Crypt help you encrypt an entire Hard Drive or even a
USB drive to make sure a company uses only encrypted data which only it has
access to.
SSL encryption or Socket Service Level Encryption for Webpages is a novel
way of making sure your online content isn’t being hacked an external
entity.
Before you start deciding on encryption first weigh the advantages and the
cost side by side so that the organization doesn’t lose more than it gains,
as a business. (Data security handbook, 2008)
e. Antivirus Software’s
These also play a huge role in keeping Trojan programs from the net and
other viruses from hijacking or corrupting your data beyond recognition.
Moderation is key here if this is done beyond a certain extent it may
actually slow down your business processes. Hence always match your
antivirus software with your organization’s computing power to get the best
fit and results. (Data security handbook, 2008)
f. Network traffic monitoring
When it comes to IP traffic monitoring it’s a must to implemented if the
company dealing with sensitive data. The most popular free IP traffic
monitor software is wire shark it’s built-in with Kali Linux, which is the
best operating system for
a vulnerability penetration test. (Data security handbook, 2008)
The guidelines specified here are hugely comprehensive and highly contingent
upon the size and resources of the organization. Each method stated here has
to be chosen after weighing the pros and cons according to the resources
available in the organization against the Security need and the investment
that can be made for the same. For example, if the organization in question is
an MNC it can encrypt large amounts of data without thinking twice about
implementation cost. In small organizations, data encryption and even and
software upgrades have to think upon, planned and executed based on the
availability of funds.
But since this is a holistic guide to organizational security even slivers of
the said guidelines can be taken out of selective context to design effective
levels of
security for the said organization in Hardware, Software, and Sensitive
Data. And organizations irrespective of size and access to funds can refer to the
said suggestions to optimize existing security infrastructure and reap a
higher bottom line.
Data security handbook. (2008). Chicago, Ill.: ABA Section of Antitrust
Law.
Howell, D. (2016). How to protect your business hardware. [online] Techradar.
Available at:
http://www.in.techradar.com/news/computing/How-to-protect-your-business-hardware/articleshow/44860287.cms
[Accessed 6 Sep. 2016].
MacGraw, G. (2011). Software security. Upper Saddle River, NJ: Addison-Wesley.
