Photo courtesy of Flickr: Leonid Mamchenkov
When it comes to IT security for your company - and business server safety in general - there is plenty of talk about techniques you can employ, equipment you can purchase, and configurations to use. All of this is indeed vital to keeping your network safe. However, one aspect people often glide over is the fact that you also need someone that actually knows how to implement these security steps and hardware. This blog will take a look at the importance of (IT security) and how it can make - or break - your business.
No matter what type of business you run, securing your servers and computers is one of the most important tasks a company can take. It is also one of the most overlooked. I've worked for many companies that never even considered security as a priority (or at all) and most never have a security plan in place. Threats come in all shapes and sizes - from data breaches (where your company, employee, customer, or other sensitive information can be stolen), to the spread of virus' and malware, which can clog up your system and bring your company to a halt. Consider the recent digital break-in on the consumer store Target's servers - millions of customers' credit card information was stolen. In response, Target had to issue a ten percent discount to ALL of its customers (not just those that were affected) in an attempt to wipe the stain off of their corporate visage. In the consumer market, losing customer trust can be devastating.
I have seen firsthand how rogue viruses, malware, and DDOS attacks can grind a business to a standstill. Nothing is more uncomfortable than watching a room full of well-paid employees sit and twiddle their thumbs because of a lax business server safety plan.
The Role (and Importance) of a System Administrator
No matter the size of your company, if you run a business that requires a network of computers, you should have a system administrator - or at the very least, someone who can administer your systems. While the role of a sysadmin is highly debatable, at the core their job is to ensure the stability of the computers they manage. This includes managing their performance, making sure equipment meets the requirements of the company, and upgrading/maintaining computers, software, operating systems, and networks.
Preventative maintenance is key to the role of a system administrator. Applying security patches and having a security maintenance schedule that they adhere to all help prevent future issues. Of course, the creators of malware and the perpetrators of system attacks are always one step ahead of the game - after all, you cannot create a cure for a virus or stop every attack before they happen. Because of that, the sysadmin also helps to recover systems in the event of a breech.
Business Server Safety Planning
When creating a business server safety plan, you need to ask yourself the following questions:
- Do the computers and systems meet the needs of the employees?
- Are there administrative and user roles in place? Setting up system wide user roles on your company's computers to limit who can install software, what types of sites a user can visit, and even what data a given user has access to are all common IT security methods.
- What are the permissions for file sharing? Who has full access and who has limited?
- What are the permissions for system access? Who can access what equipment?
- What types of websites are permissible/necessary for work and which aren't?
- Do you block/limit Instant messaging systems like Yahoo and AOL? Not only do these allow employees to leak sensitive data to outside sources, but they are also a means to spread malware. If you need a communication system within your company, consider setting up your own instant messaging client, such as on a XAMPP server.
- Do you have logging in place? This will track what files have been accessed and by whom, and potentially any changes that were made.
- Do you have a regular backup schedule for data and systems? How often? Is the backup system on location or offsite? What happens if there is a fire? What sort of redundancy system do you have in place?
- Do you have a firewall in place?
- Do you have updated, maintained, and regularly schedule antivirus software?
- Do you have a schedule for software and operating system updates?
- Do you have remote employees? How do you handle their access? How do you ensure others cannot access via the methods they use?
- Do you have confidentiality agreements in place with your employees, dictating what type of information about your company/your clients they can disclose to others?
- Do you have a contingency plan in place for if a breech or attack occurs? What are the steps for your response?
- Do you have documentation for all of your security procedures and policies?
- Do you require a program to monitor and log employee activity? Who will monitor this system? What activities do you consider to be an infraction of workplace policies?