Fail-Safe Measures

Dan Alaimo
February 20, 2014

As businesses grow more dependent on technology, protection from malevolent and mechanical threats becomes a greater imperative. It is less a matter of ‘if’ than ‘when’ computer malware or a service outage might paralyze a company.

Information technology (IT) departments wage an ongoing battle against viruses and hackers, with each side growing in technological sophistication.  “It always seems like hackers are a little bit ahead, but once you get up to a certain level of security,” says Keith Salustro, president of Security Best Practices in Boston, MA, “you’re in good shape.” 

At the same time, the sheer amount of data and the dependence on offsite servers (known as “the cloud”) create an ever-increasing need for top-notch security. “Companies fail at computer security because they see this only as a technology decision,” comments Lou Bevente, a partner at Bannockburn, IL-based Netrix LLC. “We see security as something you have to do, not something you buy. Security involves people, process, and technology; technology is the easy part, it just costs money. It really becomes a business risk discussion, not a technology discussion.”

Based on research and advice from consultants we interviewed for this article, here are four best practices to help protect your business from technological mishaps and catastrophes.

#1 – Plan Early

Experts agree the time to plan for a security problem is before it occurs; company leaders, however, often overlook this obvious measure when all is going well. “Before all else, make sure you have a formal, comprehensive recovery plan in place,” says Don Walborn, a seasoned veteran of the produce and software industries. “Once you’re in the middle of a storm, it is way too late to be working on your damage control plan.” This plan should encompass far more than just the IT department, although it can be as simple as making sure to back up data on a daily basis.

Bevente believes the protection process starts with three questions. First, what are you trying to protect? This involves taking an inventory of digital assets and determining what information is most important (such as client lists), where the information is located, and who has access. Second, what are the threats to this information? Here Bevente recommends considering both external threats, like viruses and malware, and internal threats from your users, who can accidentally delete critical information. And third, how comfortable are you with your organization’s ability to detect and respond to a security incident? Corporate security is like home security: the best doors and locks may not be enough.

Using multiple layers of security to provide redundancy, which Salustro calls “defense in depth,” is a layered delaying tactic conceived by the National Security Agency for the military. It’s similar to bank security, with guards stationed near the front door, security cameras on the inside, and a heavily reinforced vault. Any would-be thief would have to get inside, get past the guards, avoid the cameras, and then manage to break into the vault.

Dan Alaimo is a writer/editor specializing in the supply chain, technology, and marketing of food and related products.
