Reduce your IT risk – 10 simple rules
Reduce the risks associated with your IT systems by following these 10 simple rules.
1 - Data loss prevention - Backups
Protect your data by ensuring a backup is completed at least every 24 hours (including a process to take the backup to a second geographical location). Archive your data each year in hard copy and keep it in a secure location (e.g. a fireproof safe).
2 - Archiving
Keep archived data on up-to-date technology, transferring it every 2 years to the latest media (e.g. CD, then DVD, then USB drive, then solid state USB3, etc.). This ensures it can be retrieved if there is a professional indemnity claim against the firm. Keep all archives for a minimum of 7 years. Password protect your backed-up and archived data so that, if it is lost, access is restricted to those with the password.
3 - Passwords
All passwords, including those related to the database software (e.g. FilePro) and every other password used in the business, should be retained by the owner. The owners should be able to change any password at any time.
4 - Disaster recovery
Set up a process that replicates your complete systems from one office location to another (ideally every 15 minutes), so that if the office location hosting the server is rendered unusable you can keep working and do not lose time or data.
5 - AntiVirus/Malware
Implement security software tools on all your systems (especially servers) that protect against viruses and malware.
6 - Power protection
Install batteries (an uninterruptible power supply, UPS) in your office to ensure your servers continue to operate through short-lived power outages. Sudden power cuts to servers crash the operating system and can cause data corruption or leave the server not functioning correctly afterwards.
7 - Remote Access
Limit access to your company’s systems and data to specific Internet connections/sites. For example, selected staff can access the system from their home internet connections but from nowhere else. Also encrypt the data between the locations using a Virtual Private Network.
8 - Firewall
Ensure your computer network is protected from external access via the Internet. This is usually handled by the router/modem device on your network. Use a business grade modem as it will offer much better protection, and have it set up by an IT professional so that it is configured correctly. At least once every 6 months, arrange for an external technical organisation to complete a threat assessment on your network to check for vulnerabilities.
9 - Password lockouts
Make sure that if a password is entered incorrectly three times into your servers, the system locks the user out, as it may be a hacker or automated software trying to access your systems by trying many passwords.
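The lockout behaviour in rule 9, sketched as an added example (not part of the original article): three consecutive failures lock the account, and a locked account refuses even a correct password. The log format, account names and addresses are constructed, and keeping the lock until an administrator clears it is an assumption.

```python
from collections import defaultdict

MAX_FAILURES = 3  # threshold stated in rule 9

# Constructed sample events: "timestamp account source result"
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice 203.0.113.7 FAIL
2024-05-01T09:00:03 alice 203.0.113.7 FAIL
2024-05-01T09:00:04 bob 198.51.100.20 FAIL
2024-05-01T09:00:05 bob 198.51.100.20 OK
2024-05-01T09:00:06 alice 203.0.113.7 FAIL
2024-05-01T09:00:08 alice 203.0.113.7 OK
2024-05-01T09:01:00 bob 198.51.100.20 FAIL
"""

class LockoutTracker:
    def __init__(self, max_failures=MAX_FAILURES):
        self.max_failures = max_failures
        self.failures = defaultdict(int)  # account -> consecutive failed attempts
        self.locked = {}                  # account -> details of the lockout

    def attempt(self, timestamp, account, source, password_ok):
        """Process one login attempt and return 'ok', 'fail' or 'locked'."""
        if account in self.locked:
            # Once locked, even the correct password is refused (assumption:
            # the lock stays until an administrator calls unlock()).
            self.locked[account]["rejected_after_lock"] += 1
            return "locked"
        if password_ok:
            self.failures[account] = 0  # a success resets the counter
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= self.max_failures:
            self.locked[account] = {"locked_at": timestamp, "last_source": source,
                                    "rejected_after_lock": 0}
            return "locked"
        return "fail"

    def unlock(self, account):
        """Administrator action: clear the lock and the failure counter."""
        self.locked.pop(account, None)
        self.failures[account] = 0

def replay(log_text):
    """Feed every log line to a fresh tracker; return it and the outcomes."""
    tracker = LockoutTracker()
    outcomes = []
    for line in log_text.splitlines():
        timestamp, account, source, result = line.split()
        outcomes.append((account, tracker.attempt(timestamp, account, source, result == "OK")))
    return tracker, outcomes
```

In the sample, bob's single failure is cleared by his next successful login, while alice's third consecutive failure locks the account and her later correct password is still refused.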
10 - Data Sovereignty
Ensure that the measures put in place to protect your applications and data do not allow data to be sent outside of Australia (e.g. by using Dropbox as a backup).
OR use a server hosting service
An alternative to working through this list is to host your applications and data in an Australian data centre with a hosting provider that commits to implementing IT security best practice for you.
Hosting companies provide this commitment to clients in an agreement or SLA (service level agreement), which sets out what they specifically do as part of the service. This includes, in detail, the security measures they will put in place.
Specialist hosting providers offer a highly secure service backed by strong and specific SLAs. Habitat3 is one such provider and specialises in hosting applications and data for the law, medical, accounting and allied health fields.
Habitat3 Director John Perkins encourages firms to scrutinise the SLAs: “Ensure you fully understand the SLA and associated Terms and Conditions related to the service offered. Don’t hesitate to question the company about the specifics of the terms in the agreement and compare that with the fundamental rules of IT risk management.”