Security incidents can happen at any minute. The impacts can cripple a company, and perhaps end a small business. And we all know, or at least recognize, that sticking our heads in the sand will not make the problem go away. So how do you prepare for the eventual?
- Identify a security team or individual. Most organizations or companies have individuals who serve as points of contact for security issues; however, these individuals are often not established in writing or posted within the office area. Formalize the security officer position: establish it in writing and post it for employee awareness. A security council may also be established in lieu of one individual. This helps set the security tone and gives security issues a point of contact.
- Review and refine security processes. Threats and hostile actors change every day. If you have a security plan and policies, review them and update them. Then have all employees review and sign them. If you don’t have them, today is a great time to start.
- Document and track vulnerabilities. It is recommended to conduct annual security assessments to identify vulnerabilities across all security spectrums – personnel, physical, and information security. Document those vulnerabilities and take steps to remediate them. This gives you an idea of what your security looks like so you can take appropriate steps to correct it. If you outsource your IT and website to third parties, request an assessment from them to ensure you are covered. They should be doing assessments already, and if so, simply ask for a copy of that assessment as it pertains to you.
- Make security visible. Having a security board and security reminders located around the office is part of a healthy, security-conscious workforce. This provides a place for employees to read some of the latest information relevant to their duties, as well as information about the security program. This is important to keep security at the forefront of employees’ minds. Additionally, security posters in break rooms or hallways are a good practice to help reinforce security policies.
- Practice what you preach. If you have policies, then you need to review them and walk through potential incidents to identify issues or problems with the policy. Train your employees and rehearse actions. And set a positive security culture.
Security incidents can happen at any time, and there is no way to know what impacts they will have on us. We can either take it, or we can be proactive and establish positive security controls that will help mitigate the effects. Take the step to move forward and identify the right steps for your company.