Good Housekeeping

Information security concepts and terminology can seem intimidating to the average person. The following are the quickest and most effective ways of dealing with the issues. These can be thought of as ‘good housekeeping’.

Work out what’s valuable

  • Consider the effect of losing the following:
    • Your VAT return (the day before you have to file it)
    • Your accounts
    • Your customer contact list
  • Consider the effect of someone stealing:
    • All your customer credit card numbers
    • Details of the new product you’ve just spent 5 years designing
  • Consider the effect of being unable to use your computer because of:
    • Power cuts
    • Theft
    • Mystery technical glitches (at 5.30pm on a Friday, when the people who sold you the machine have left for the weekend)

The Basics

The following practices will help counteract the most common threats:

  • Backups
    • Take backup copies of important information
    • If the information is particularly important, back up your backups
    • Think about how much information you are prepared to lose and decide on an appropriate backup cycle – daily, weekly, etc
    • Store backup media away from the originals, ideally off-site
    • If information cannot be backed up (for example, valuable documents, such as deeds or share certificates), store them in a fire-proof safe or similar
  • Software
    • Keep software applications and operating systems up to date with the latest patches. If in doubt, ask your vendor
    • Ensure that suitable virus defence software is installed throughout your system
    • Consider other security measures such as firewalls and intrusion detection systems as appropriate
  • Physical security
    • Keep your premises physically secure
    • Always try and make sure you know who’s in the building
    • Prevent visitors casually wandering your premises. If appropriate, fit an alarm
    • Lock valuable assets such as laptops, mobiles and file servers in a secure room
    • Keep valuable items out of direct public view
  • Education
    • Let everyone know what is expected of them
    • Ensure people know about the value of the information they handle
    • Ensure people know any procedures for handling threats
    • If you have a formal policy, ensure people know where it is, and their responsibilities
  • Access control
    • If you run a multi-user computer system, use appropriate access control software to keep those without permission away from information held on your computer systems
    • Ensure everyone who needs access has their own ID and password
    • Adopt a clear screen policy – never leave computers logged in when people are away from them
    • Ensure people can access only what they need to for their job
  • Clear desks
    • Establish a practice of clearing desks at the end of each day. This need not be a complex process. Just make sure people have a lockable drawer or cupboard they can put their work in. Make sure they’re actually locked, and the keys removed
  • Destruction
    • If you handle sensitive information, you don’t want the wrong people reading it. Destroy any copies you don’t need

If you have a lot of paper copies, modern shredders are inexpensive and effective. Some organisations use specialist destruction companies. This is normally only required if you have a lot of highly sensitive material.

This information is based on Crown Copyright 2003-2014
