Fail-Safe Measures

For your business, a good firewall and network intrusion detection are a start, but just as important is your staff—employees should be well trained, skeptical, and vigilant.  Salustro says end users should be knowledgeable enough about company security practices to question a suspicious call or email and “refer it to the IT person, rather than giving out information.”

Lastly, in addition to external threats from viruses or hackers, how well do you know your business partners?  Mike Dodson, president of Fresno, CA-based Lotpath, Inc. says it’s essential “to choose your trading partners carefully, and work with companies you can trust to secure your information.”

 #2 – Policies and Training

Policies or training alone are not sufficient to support a security program; they must work together.  “We find that while training seems to be a logical thing to do,” Bevente says, “without a clear policy that is part of the employee’s conditions of employment, it doesn’t have much of an effect.” If violating company policy might result in termination, he finds, workers will usually pay more attention to the details.

Bevente says all organizations, regardless of size or type, should have a security policy.  At the very least, it should clarify what belongs to the company—including computers or laptops, as well as the information stored and accessed by them.  If personal use of systems is allowed, this should be spelled out, along with mention that all company computers are monitored.

“It basically becomes an ‘acceptable use’ policy, [which is] the beginning of a training program,” Bevente explains, and should clearly state that employees should not turn off anti-virus protection or install software without approval.  The policy should also clarify the minimum length for passwords, the need for encryption of outbound data, and caution users about opening unsolicited emails and attachments.

Dave McCary, who calls himself a “geek translator” at Zumasys, Inc. in Irvine, CA says companies should also have Internet content filtering to block certain types of popular websites, which often harbor malicious software. 

But beyond forbidden sites and their threats, is the issue of bandwidth.  Few workers are aware of the significant cost of bandwidth and how streaming videos can clog up the Internet performance of an entire company—this includes iPhone updates, McCary notes, and use of Apple’s iCloud.  To combat such problems, some firms run two connections: one main, high-performance broadband connection for core company business, and a redundant Ethernet or wireless service for employees that also serves as an emergency backup for the primary line.

For Walborn, education is critical.  Staff should be kept informed through meetings or regular updates about viral threats, potential compromises, and proper diagnostic and prevention tools and techniques.  This should be extended to personal devices and networks as well, encouraging employees to tap into the IT department’s expertise—since an increasing amount of work is done away from the office, on the road, or at home. 

#3 – Infrastructure Investment

Even with more outsourcing and data-to-cloud system providers, there is still a need to invest in infrastructure.  “I don’t think there’s any question the future is going to involve more online, web-based, and mobile-based technology solutions for the produce industry,” Dodson says.