You are creating a more secure environment by limiting access through physical barriers and monitoring tools, and those same steps are the first steps in cyber security too. Industry best practice for cyber security covers both physical and logical access to data. Physical security includes everything you already do to keep your business premises secure.
Physical security measures should protect your information technology (IT) equipment as well as your product and the cash on hand.
1. Conduct an inventory of your IT assets. As a business owner, you should know which IT assets hold customer, employee, and business data, and where each tablet, desktop, and laptop is located.
2. Execute a plan to physically secure the IT assets. When equipment is not in use, where do you keep it? Treat your data, and the devices that hold it, as more valuable than the cash in the register: lock them away when they are not in use. Consider keeping a log, or a sign-out sheet for mobile devices, so you can track the location of all equipment.
3. Password-protect the devices. Each device should require a password (or PIN) to log on, and should lock automatically after a short period of inactivity, so that an unauthorized person who picks it up cannot use it. This control is the transition from physical to logical controls in setting up a cyber security plan.
Next, think about logical barriers to unauthorized access to the data on your devices. Logical measures ensure that only authorized users can perform actions or access information on a network or a workstation.
1. Conduct an inventory of your data. Just as you need to know what physical IT your business uses, know what type of data you are storing and where. Do you collect customer emails for a newsletter? Do you have a file of proprietary business information that is your secret sauce to success? Identify your employee data and where it is stored.
2. Execute a plan to logically secure the data. Locks and keys physically secure buildings and rooms; passwords and encryption are the equivalent for logically securing data. Each employee should have their own account and password, and that account should be permitted to access only the data they need to do their job (least privilege). Shared logins make it impossible to tell who did what.
a. Use passwords, and ideally encryption, to protect not only the device but also sensitive folders and documents. A password on a document is only a real barrier when the file is encrypted with it.
b. Consider using shared portals or file shares that store documents so that they are accessible only to those who need them to complete their assigned tasks.
c. Use software that supports multi-factor authentication (MFA), and turn it on. Think of it as a deadbolt: a stolen or guessed password alone is no longer enough to get in.
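The data inventory in item 1 above is easier when you let a tool find the sensitive data for you. The following is an added example, not part of the original article: a small scan that walks a directory and reports which files contain e-mail addresses or payment-card-like numbers (a Luhn checksum filters out phone numbers and order IDs). The file names and contents are constructed sample data; the card number is the standard "4111..." test number, not a real card.

```python
"""Added example (not from the article): a data-discovery scan that inventories
which files hold customer e-mail addresses or payment-card-like numbers."""
import os
import re
import tempfile

EMAIL_RE = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
# Runs of 13 to 19 digits, optionally separated by spaces or dashes (card-number candidates).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, false for most other digit runs."""
    digits = [int(d) for d in number if d.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_file(path: str) -> dict:
    """Count distinct e-mail addresses and Luhn-valid card numbers in one text file."""
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        text = fh.read()
    emails = set(EMAIL_RE.findall(text))
    cards = {m.group(0) for m in CARD_RE.finditer(text) if luhn_ok(m.group(0))}
    return {"emails": len(emails), "card_numbers": len(cards)}


def scan_directory(root: str) -> dict:
    """Map each file (relative path) to its counts; files with no findings are omitted."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            counts = scan_file(full)
            if any(counts.values()):
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = counts
    return findings


# Constructed sample files (assumption: a small shop's file share). The card number is
# the standard 4111... test number; the 1234 5678... and 555 0100... runs fail Luhn.
SAMPLE_FILES = {
    "customers.csv": "name,email\nAnn,ann@example.com\nBo,bo@example.org\nCy,cy@example.net\n",
    "orders/receipt.txt": "Paid with card 4111 1111 1111 1111, order 1234 5678 9012 3456\n",
    "notes/menu.txt": "Daily specials and the supplier phone number 555 0100 2000 3000\n",
}


def run_demo() -> dict:
    """Write the sample files into a fresh temporary directory and scan it."""
    root = tempfile.mkdtemp(prefix="data-inventory-")
    for rel, content in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return scan_directory(root)


if __name__ == "__main__":
    for path, counts in sorted(run_demo().items()):
        print(f"{path}: {counts}")
```

Point it at a real share by calling scan_directory on that path. The output is a starting inventory, not a verdict: it will miss data in spreadsheets and PDFs unless you extract their text first, and a file with a hit still needs a human to decide whether the data belongs there.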
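Items 2a to 2c above describe three separate controls: a per-employee password, a second factor, and permissions that grant each employee only the documents their job needs. The following is an added example, not code from the article, showing all three together in working form: salted password hashing, an RFC 6238 time-based one-time code (the kind an authenticator app displays), and a deny-by-default document permission check. The staff accounts, roles and document names are constructed; the TOTP secret is the RFC 6238 test-vector secret so the codes can be checked against the RFC.

```python
"""Added example (not from the article): per-employee accounts with salted password
hashes, a TOTP second factor, and a least-privilege document permission check."""
import hashlib
import hmac
import os
import struct

PBKDF2_ROUNDS = 200_000  # assumption: kept modest so the demo runs quickly; raise it in production
TOTP_STEP = 30           # seconds per code, as authenticator apps use


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen account table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def totp_code(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30-second step): the code an authenticator app shows."""
    counter = struct.pack(">Q", unix_time // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp_valid(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the current code plus one step either side to tolerate clock skew."""
    if not (code.isascii() and code.isdigit()):
        return False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp_code(secret, unix_time + step * TOTP_STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def make_account(password: str, totp_secret: bytes, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "totp_secret": totp_secret, "roles": frozenset(roles)}


def login(accounts: dict, username: str, password: str, code: str, unix_time: int) -> bool:
    """Both factors must pass; a wrong password and a wrong code fail the same way."""
    account = accounts.get(username)
    if account is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(password, account["salt"]), account["pw_hash"])
    otp_ok = totp_valid(account["totp_secret"], code, unix_time)
    return pw_ok and otp_ok


# Which roles may open which document. Anything not listed here is denied.
DOCUMENT_ROLES = {
    "customer_newsletter_list.csv": {"sales", "marketing"},
    "payroll.xlsx": {"finance", "hr"},
}


def can_access(accounts: dict, username: str, document: str) -> bool:
    """Least privilege: allowed only if one of the user's roles is listed for the document."""
    account = accounts.get(username)
    if account is None:
        return False
    return bool(account["roles"] & DOCUMENT_ROLES.get(document, set()))


RFC6238_SECRET = b"12345678901234567890"  # RFC 6238 test-vector secret, so codes are checkable


def build_demo_accounts() -> dict:
    """Constructed sample staff (assumption: two employees, two roles)."""
    return {
        "alice": make_account("correct horse battery staple", RFC6238_SECRET, {"sales"}),
        "bob": make_account("another long passphrase 42", os.urandom(20), {"finance"}),
    }


if __name__ == "__main__":
    accounts = build_demo_accounts()
    now = 59  # RFC 6238 test time; the expected code at this moment is 287082
    print("alice login:", login(accounts, "alice", "correct horse battery staple", "287082", now))
    print("alice -> payroll.xlsx:", can_access(accounts, "alice", "payroll.xlsx"))
```

Two design points carry over to any real system. The permission table lists what each role may open, so a new document or a mistyped name is denied until someone adds it; that is the deny-by-default that makes least privilege hold. And login evaluates both factors before answering, so an attacker who has the password but not the phone cannot tell which factor failed.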
Next, let's think about ways to make the whole IT setup more secure. Your building may have an alarm or monitoring system that alerts you when an intruder is trying to break in. You want the same type of monitoring on your IT.
1. Updated virus protection. Use reputable anti-malware software and keep it updated. Also apply patches and updates for all your software (operating systems, applications, and browsers) on a regular basis, and turn on automatic updates where they are offered. Vendors push updates to improve functionality, and they often close cybersecurity weaknesses that have been identified. You do not want to leave a window open that circumvents all the locks on your doors.
2. Train your employees to identify fraud and phishing attempts. Teach them not to click unknown links or open unexpected attachments, and to report suspicious messages rather than ignore them. Consider limiting access to personal email accounts from work devices.
3. Using the cloud. Using the cloud, or software-as-a-service (SaaS) that runs in the cloud, can be a great way to optimize your business, but ask providers about their security before you hand over your data. Find out where your data will be stored and what measures protect it. Do they encrypt the data in transit? Do they encrypt it at rest? Do they support multi-factor authentication for your accounts? What is their liability if someone breaks into their systems and accesses your data?