A Year's Worth of Security
In the 24/7/365 world of e-commerce, security has to be a 24/7/365 undertaking.
New threats such as viruses, worms, and identity-theft schemes emerge daily, sometimes hourly.
The best defense is a constant level of vigilance, with certain security matters addressed on a relentlessly regular basis. Let's look at the elements of an effective security year.
Daily - The following security issues need to be on every employee's mind every day:
- Anti-virus and firewall software is running and the latest updates and patches are installed (this occurs automatically for most reputable security software programs)
- Daily virus scans are also a good idea
- Employees are constantly alert for any computer slowdowns or other indications of possible intrusions into your systems
- Backups, if made daily, are completed and stored off-site
Weekly - Each week you and your employees should:
- Scan all systems for viruses
- Complete backups, if done weekly, and store them off-site
- Check to see whether required password changes have occurred, particularly for employees with access to critical or sensitive information systems
Monthly - Monthly security matters to be addressed include:
- All employees should be required, or reminded, to change passwords (schedule a review session on how to create strong passwords, if need be)
- Attend to any necessary compliance materials and filings (or preparation for these, depending on the required filing schedule)
- Backups, if performed monthly, should be accomplished and stored off-site (if you are only backing up monthly, you should give serious consideration to a more frequent schedule)
Quarterly - Every three months you and your employees should:
- Have a formal security policy review session
- Review disaster recovery planning and implementation
- Ensure that all protective software is up to date and all passwords are regularly changed
Annually - Once a year you should:
- Conduct a detailed annual security meeting of all employees, including a thorough review of company security policy (it's a good idea to include a re-signing of the written security policy by all employees, being sure to have them date their signature)
- Stage a formal disaster recovery drill (twice a year is even better) and address any issues or problems that arise during the test
- Review all security product vendors with an eye toward your satisfaction with their products and services, and toward the renewal or extension of their contracts with all fees paid
Bear in mind, of course, that these tasks and responsibilities are constant and ongoing - that is, the daily duties must be attended to every day, 24/7/365. Even an hour's vulnerability can result in catastrophe.


