Block the breach

How to secure company and client information

By Arriel Vinson

It can happen to small businesses or large companies. Client and company information is put at risk, consumers and employees are worried, and the company has to be even more careful than they were once before. But there are ways to keep company and client information safe, or as safe as possible.

Tahir Mahmood, president of Green Verge, a Zionsville, Indiana, technology-consulting firm, says there are small things a company can do to ensure the security of information, such as shredding documents instead of throwing them away and shutting down company computers once the workday is over — or at least logging off. But there are other ways to keep information protected.

Stay up to date

Mahmood says that hardware, software and security training should be up to date for the company, and internal auditing should be done quarterly, every six months or at least annually. “(Updating) solves more than half of the problem. Usually, once everything has been loaded, it tends to go into the back of people’s minds to keep checking for updates.” He says not updating software/hardware can introduce loopholes in the company’s system.

Back up your data

There are different kinds of data to backup, according to Mahmood. He says bigger companies usually have another location where their information systems are secure, in case of loss at the main location. But even smaller companies should have information stored elsewhere.

“You should have typical information and your financial and HR information backed up in a secure location in case anything happens.” And by anything, Mahmood means in case of hacking or a natural disaster.

Educate your employees

For small businesses especially, education about security and information management can save companies a lot of trouble. “It is up to management how much importance they give to company and client information, and how much they invest in terms of finance, time, energy, knowledge and training.”

Mahmood says it is also important for companies to know how different departments are using information and how often, as well as when information is being accessed without permission. If the company is larger, Mahmood suggests knowing what locations are accessing information from one server. Staying aware of this information can increase data protection.

But, if a company does run into security problems, Mahmood has tips for a company to recoup. The information may not be retrievable, but Mahmood says it is important to focus on what can be done in the future.

Be upfront about losses

Mahmood says the best way to confront a security breach or information loss is to be honest.

“Putting the problem under the rug and trying to hide the damage that has been done won’t help. It is more important and less damaging if the company is forthright,” he said.

Create a plan

He says it is best to prepare for these types of situations in advance, but of course avoid them as best as possible. Companies should create a plan for securing data, and a plan if data loss may happen again.

He recommends that every company have identity management, network security, application security and a disaster plan, which are also services Green Verge provides. He says not having this can cause companies to invest much more money in damage control than they initially expected to.

Mahmood says that management should make an effort not to repeat the situation again. He also says, “It is better to be proactive then reactive. Other than the financial aspect of losing information, there are prices to pay: the reputation of company, the confidence (employees have) of management, your reputation in front of your clients and in certain circumstances, consumers as well.”

For more information on Green Verge’s services, visit greenverge.com or call 317-674-6500.