Thursday, 8 January 2015

New Year’s resolutions this year?

Are you making some New Year’s resolutions this year? As well as making promises to do better in your personal life, why not think about ways to make a fresh start in the workplace – particularly when it comes to information security?
From a physical point of view, does your business:
  • have locked filing cabinets for documents that include customer information, employee records, financial data, and other sensitive material?
  • use laptop locks that prevent physical theft?
  • use secure, off-site storage for documents that you are legally required to retain?
  • prohibit the use of unsecure recycling bins at employees’ workstations?
  • have secure shredding containers for safely disposing of documents?
  • securely destroy old hard drives once they are no longer needed?
  • have a secured area that can’t be accessed by anyone without a key or security pass?
From a digital point of view, does your business:
  • encrypt smartphones so that data is secured even if the phone is lost and recovered by someone outside the company?
  • regularly update your computer software to ensure that security holes are patched?
  • back up sensitive data to a secure, off-site storage facility?
  • ensure that employees regularly change their passwords?
  • prohibit employees from leaving passwords written on their workstations?
  • limit access to network folders with sensitive information?
  • have anti-malware software installed on all computers?
From a policies and procedures point of view, does your business:
  • have rules regarding proper document management that includes storage and disposal?
  • have rules regarding the removal of equipment, data and documents from the office?
  • have rules regarding proper document management when working remotely?
  • train new employees on information security policies and procedures?
  • provide regular (semi-annual or annual) refresher training on information security policies and procedures for employees?
  • perform information security audits to ensure that employees are following policies and procedures?
  • make adherence to policies and procedures part of employees’ performance review process?
If you’ve answered no to any of the questions in the checklist, then there’s definitely room for improvement in your business’ information security practices. The good news is that all of the items featured on the checklist are easily implemented at a minimal cost.

- See more at: http://www.shredit.co.uk/en-gb/blog/securing-your-information/december-2014/new-year,-new-start-making-information-security-a#sthash.x5FYwG48.dpuf
