With the holiday season fast approaching, businesses cannot simply shut their doors without having made all the necessary arrangements to ensure that their information, whether physical or electronic, as well as their business, will be adequately secured over this time.
“The holiday season has a tendency to sneak up on us, which often results in important tasks, such as preparing for the shutdown, not being completed before staff go on leave," says Guy Kimble, information systems & operations director at Metrofile "No longer is it safe to just shut up shop. An increasing number of companies are being adversely affected by building fires while theft remains an ongoing problem.
"It is important that all businesses put aside the time to make preparations for the shutdown period, that will see a number of checks being carried out. The first is to make sure that your critical physical records are securely stored in a fireproof cabinet or vault. Secondly, you need to make sure that all your electronic records and data have been backed up, that the backup has been verified and a copy stored off-site in a secure and controlled environment.”
According to Kimble, most businesses are of the belief that it won’t happen to us. There is growing evidence, however, particularly given the current economic climate that more and more businesses are experiencing break-ins, computer hacks and not withstanding the risk of fires.
He warns that too many businesses do not have adequate data protection and disaster recovery measures in place. All too often businesses assume that the processes they have in place are sufficient, only to find this isn’t the case when disaster strikes. For example, computer backups are often found to be corrupted or stored on media that is faulty, but perhaps more frighteningly, is that backups are often left in the server room, stored on the same premises in cabinets where they are prone to theft or damage. Best practice recommends that backups are stored off-site in locations that are designed to keep these safe and to maintain the integrity of the media.
“Always check that your business information is in fact what is being backed up, as we have had cases where a client has called for their backup tapes, only to find that there was no business related information on the tape or that it was corrupted. We have also had cases where the contents of the tape were not what was expected, with the wrong information having been backed up – movies, photos and staff music databases as opposed to the expected businesses’ data,” adds Kimble.
“It is also important, at this stage, to ensure that you have all the usernames and passwords of your IT infrastructure on record. While your IT department may already have this information on record, it is critical for business owners, or at least their assistants, to have this information securely stored on file in the event of an emergency. Ensure that this list includes the passwords for all system administrator accounts, web sites, applications, intranet sites and business solutions.”
Kimble also cautions that responsibility should be placed on key members of staff to take a walk through the workplace, and to identify what potential risks may be evident. Often overlooked, are cluttered areas with overloaded power adaptors, cluttered emergency exits, faulty lights or fittings and broken windows. Alarms and electric fences should also be tested, as should the smoke alarms and smoke detection systems during this walk through procedure.
Access to your premises over the shutdown period should also be scrutinised, especially at a time when no staff or only a skeleton staff will be working. Kimble warns that your business should be controlled from the perimeter and security personnel should receive strict briefings on who should be allowed access to the premises. It is also important, particularly where you have limited security guards on the premises, that they have ready access to armed response, as an increasing number of businesses are finding that single guards are no longer a deterrent.
“The control of keys, access cards and passwords is very important. Check with the relevant personnel as to when these were last audited.” Don’t forget that high staff turnover is a reality for many South African businesses and even if you have defined controls and procedures to manage staff when they exit the employ of a business, it can happen that a set of keys or an access card is not returned and accounted for,” says Kimble.
He warns that the simple loss of a set of keys could become a potential crime hazard, and if there is a possibility that there are keys missing, then rather err on the side of caution and have the locks changed. In addition, conduct an audit of your access cards and deactivate any access cards that cannot be accounted for, and then change the passwords on the access control keypad systems. Staff members that don’t receive these changes straight off can always be informed of these on their return.
“While the above may seem part of normal routine, these security procedures are often overlooked. My top tip for businesses, however, is to review who has access to your online systems, including your banking. Confirm who is in charge, and whether or not there have been any significant staff changes. If there have been, and you can’t guarantee that the handover with staff was effectively controlled and passwords were changed – then change them again.
“We may believe we diligently check all of the above measures on a regular basis, but this isn’t always the reality. Don’t risk your businesses’ future by not taking the time to put contingency plans in place, to plug potential loopholes, and to prepare a risk analysis of events that may impact your business. Once this has been completed, you can head off for the holiday period in the comfort that you have done what is necessary to safeguard your business, your records, your data and your future,” Kimble adds.