Give Your Business an IT Security Checkup

By Richard Stokes

IT security is an ongoing responsibility for firms that deal with any kind of sensitive information. HIPAA law requires medical organizations and their business associates that access or process patient data to meet stringent data safety and security guidelines. These rules offer specific suggestions for added security, divided into three broad categories: Technical safeguards, physical safeguards and administrative safeguards.

These categories are helpful not just for those subject to HIPAA but for all businesses that conduct periodic surveys of IT security fitness. If you handle sensitive data such as credit card numbers, Protected Health Information (PHI) or sensitive financial information, then your firm should be one of them! At least once a year, give your firm an IT security checkup using the following list of questions.

Physical Safeguards

  • Is there a hardware firewall in place?
    • Is it still supported by the manufacturer?
    • Does it have a current warranty?
    • Is there a current subscription that includes
      • intrusion detection?
      • gateway anti-virus and anti-spyware?
      • web content filtering?
      • application intelligence and control services?
    • Are you backing up data and securely getting it off-site to a secure location? Can you recover this data quickly in the event of a disaster?
    • Do you have sufficient physical security measures in place to prevent theft of equipment (camera systems, locks on doors, keycard entry)?
    • Do you have an accurate and up-to-date asset inventory list for all network equipment?

Technical Safeguards

  • Is there Anti-Virus/Malware software on all network nodes (servers, desktops, laptops)? Is it a paid version from a known vendor such as McAfee, Symantec, Trend Micro, Kaspersky, etc.? Is the subscription active and up to date?
  • Are all the Operating Systems in place still supported by the manufacturer (Windows XP and Microsoft Server 2003 are not)?
  • Is there a routine and scheduled patching interval for all software operating systems and applications on the network?
  • If there is a wireless network in place, does it utilize WPA2 standards? Do you use a complex password? Are Guest and Private networks separated?
  • Do you employ encryption on mobile devices (laptops)?
  • Can you wipe mobile devices in the event they are lost/stolen?
  • Do you employ network monitoring tools to alert IT staff to potential threats and data breaches?
  • If you provide remote access to the network, are access and usage protocols based on best practices rather than sheer convenience?
  • Do you perform an annual risk analysis?
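Several of the technical questions above can be answered mechanically if the asset inventory from the physical safeguards list is kept in machine-readable form. The script below is an added example written for this article, not a tool from the author or from Network 1: it runs a constructed inventory of five hosts through checks for the operating systems the article names as unsupported, anti-virus presence and subscription status, patch recency and mobile-device encryption and remote wipe. The inventory records, the 30-day patch threshold and the fixed "today" date are assumptions made for the example.

```python
"""Audit a small asset inventory against the Technical Safeguards questions.

Added example for the checklist above; the inventory and thresholds are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Operating systems the article names as no longer supported by the manufacturer.
UNSUPPORTED_OS = {"Windows XP", "Windows Server 2003"}

# Assumed threshold for "routine and scheduled patching": flag anything older than this.
MAX_PATCH_AGE_DAYS = 30

# Fixed reference date so the example is reproducible (assumption, not a real audit date).
TODAY = date(2015, 6, 1)


@dataclass
class Asset:
    hostname: str
    os: str
    av_vendor: Optional[str]       # None means no anti-virus product installed
    av_subscription_active: bool
    last_patched: date
    mobile: bool                   # laptops and other devices that leave the building
    disk_encrypted: bool
    remote_wipe: bool


def audit_asset(asset: Asset, today: date = TODAY) -> list[str]:
    """Return the checklist failures for one host (empty list means it passes)."""
    findings: list[str] = []

    if asset.os in UNSUPPORTED_OS:
        findings.append(f"unsupported OS: {asset.os}")

    if asset.av_vendor is None:
        findings.append("no anti-virus installed")
    elif not asset.av_subscription_active:
        findings.append(f"anti-virus subscription lapsed ({asset.av_vendor})")

    patch_age = (today - asset.last_patched).days
    if patch_age > MAX_PATCH_AGE_DAYS:
        findings.append(f"not patched in {patch_age} days (limit {MAX_PATCH_AGE_DAYS})")

    # Mobile-device questions only apply to equipment that can be lost or stolen.
    if asset.mobile:
        if not asset.disk_encrypted:
            findings.append("mobile device without disk encryption")
        if not asset.remote_wipe:
            findings.append("mobile device cannot be remotely wiped")

    return findings


def audit_inventory(assets: list[Asset], today: date = TODAY) -> dict[str, list[str]]:
    """Map each failing hostname to its findings; passing hosts are omitted."""
    report: dict[str, list[str]] = {}
    for asset in assets:
        findings = audit_asset(asset, today)
        if findings:
            report[asset.hostname] = findings
    return report


# Constructed inventory: five hosts with a mix of passing and failing attributes.
INVENTORY = [
    Asset("FILESRV01", "Windows Server 2003", "Symantec", True, date(2015, 5, 20), False, False, False),
    Asset("WKS-RECEPTION", "Windows 7", "McAfee", False, date(2015, 3, 1), False, False, False),
    Asset("LT-DRSMITH", "Windows 8.1", "Trend Micro", True, date(2015, 5, 28), True, False, True),
    Asset("WKS-BILLING", "Windows 8.1", None, False, date(2015, 5, 25), False, False, False),
    Asset("LT-ADMIN", "Windows 8.1", "Kaspersky", True, date(2015, 5, 30), True, True, True),
]


if __name__ == "__main__":
    for hostname, findings in audit_inventory(INVENTORY).items():
        print(hostname)
        for finding in findings:
            print(f"  - {finding}")
```

Running the script lists four hosts with findings; LT-ADMIN passes every check and is omitted. In practice the inventory would be exported from the asset list the physical safeguards section asks for, and the thresholds set by the firm's own patching policy.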

Administrative Safeguards

  • Do you have a password policy in place for end users? Is it complex? Do you require end users to change it on a regular basis?
  • Do you have exit policies and procedures in place to ensure that access to data is secured when an employee is terminated or resigns?
  • Do you restrict access to data based upon staff job descriptions and security clearance?
  • Do you have an MDM (Mobile Device Management) policy/system in place?
  • Do you provide education/training of your staff on network security?
  • Do you screen and background check your employees?
  • Do you have change management procedures in place? Can you audit and document changes?

The answers to these questions should all be yes. If they’re not, you now have a list of first steps for improving IT security.

Like your annual physical, this checkup is only a starting point – think of it as a screening tool, not a complete workup. Used this way, it can be an important tool for spotting potential problems and assessing the overall health of your firm’s IT security.

Richard Stokes: As the Director of Sales for Network 1, Richard identifies “future” clients that can benefit from the support of an experienced, outsourced IT team. He helps clients and prospects find technology solutions they need to achieve better productivity and efficiency so they can focus on making money and growing their businesses.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.
