By Gregg Larson
RISMEDIA, July 2008: Did you know that a security breach can cost six or seven figures to recover from? It can also cause significant damage to your business’s brand and reputation with consumers. This five-question quiz for brokers can be used to gauge whether or not your business is taking key steps to protect itself from information security breaches.
1. Does your business perform initial background checks on staff?
Without employee screening, both initial and ongoing, you could be putting private consumer information at risk and exposing your company to privacy liability issues resulting from identity theft or other misuse of your clients’ private information.
2. Are office visitors ever left unattended in employee areas where computers are left logged in or sensitive information is on desktops or in unlocked filing cabinets?
Physical security is often a far bigger risk for information security than computer settings. Whether it’s a backup tape, a piece of paper from the listing or closing process that has sensitive consumer information on it, or information on an employee, physical security is your first line of defense in information security.
3. Do you have security policies and procedures documented covering everything from how to handle sensitive information to how to securely install and configure computers? Are new employees trained on these policies and procedures initially and are veteran employees “refreshed” at least annually?
Policies and procedures are the bedrock of an information security program. Without a thorough set of policies educating employees on how to help your business stay secure, and without ongoing education, monitoring and enforcement of those policies, it’s likely that information security best practices are not being followed in your business.
4. Does your IT professional run a number of security tools on your network and all of your servers, workstations and laptops at least once per quarter (ideally each month) and give you an executive-level status update on the security of your network and computers?
Your IT professional should have some formal education in information security, have a complete security toolset, use it regularly, and keep the broker/owner/CEO informed of risks, so that you can take management responsibility for information security and allocate resources to address emerging risks.
5. Have you had a security assessment performed by an independent third party in the past two years, reviewed the results with them, and understood your risks and created a project plan to address those risks?
Information security is a specialized field; it takes an outside, independent expert to reliably assess the risk so that you can take steps to improve your business’s security practices.
If you answered any of these questions with a “No,” then you may want to think about taking a more active role to manage your company’s information security exposure.
Gregg Larson is CEO of Clareity Security. For more information, please visit www.ClareitySecurity.com/