Protecting Your Clients, Protecting Yourself
By Jeffrey W. Rasco, CMP
I mentioned I was recently in Boston, but didn't say why. I was asked to speak at Passkey's Group Housing Forum, and I co-presented with their Scott Rudberg on Security and Data Privacy. Doing the preparatory research just about scared the wits out of me!
I came across case after case of security breaches, and some were pretty close to home. A common thread was sensitive customer data being accessed by the bad guys - not from some sophisticated cyber attack, but from simple carelessness or stupidity. A laptop left unattended, passwords shared or left on sticky notes under the keyboard, backup tapes not secured...the list goes on.
If you are in the meetings business and your organization maintains information on your members, customers, vendors, employees, etc., you have a responsibility to protect it. The unofficial theme of our talk was "It's Not Just IT's Job Anymore." Credit card numbers, Social Security numbers, or other sensitive data in the wrong hands could bring the organization down, and if the breach is not disclosed as the law requires, it could even send you to jail.
We don't have the time or space in a blog to get into a lot of details, but there are some simple things you can do to safeguard important information. A great resource is the Internet Security Alliance. Visit their site and click on Best Practices. Their "Commonsense Guides" for senior managers, small businesses, and for home and individuals are well-written, full of valuable information and cases, and simple to understand. The "Commonsense Guide to Cyber Security for Small Businesses" is required reading in our office. We've always worked hard to do it right, and we found a number of things that needed tightening.
A quick look at the Internet Security Alliance's 12-Step Program to Cyber Security:
- Use strong passwords and change them often
- Watch e-mail attachments and Internet downloads
- Install/maintain anti-virus software
- Install/maintain a firewall
- Remove unused software, and especially unused user accounts
- Have strong controls on physical access
- Back up important files, folders, and software
- Keep software and operating systems current
- Maintain network security with access controls
- Limit access to sensitive/confidential data to those who need it
- Establish a security and risk management plan, and carry adequate insurance
- Get help if you need it
Few of these safeguards cost much, if anything, and none requires a computer science degree to implement. In other words, it's not just for IT anymore. It's up to all of us.