Are You Doing Your IT Due Diligence?
The words “due diligence” may make you think of a courtroom drama on television. Surely, that’s something only lawyers have to worry about? Not so fast. Due diligence is something your business can be doing, too. Are you covering the basics?
Due diligence is about taking care and being cautious in doing business. It extends to how you manage your technology, too. You may think you’re immune to a data breach or cyberattack, but cybercriminals can target you regardless of business size or industry sector.
Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.
What due diligence involves
Technological due diligence requires attention to several areas. Generally, you’ll need to show the following:
1. Each staff member has a unique login. Require complex, distinct passwords. Educated your people to protect these (e.g. not write them on stickie notes that sit on their desktop).
2. You have a process in place for regular data backup. We recommend a 3-2-1 backup strategy. Keep three copies of your business data. One on the cloud with the other two on different devices (e.g. on your local computer and on a backup USB drive).
3. You patch and upgrade security consistently. Ignoring those reminders and waiting for the next release is risky.
4. You’ve installed antivirus software or better, next-generation endpoint and server protection. You won’t know your computers are infected until it’s too late. Be proactive.
5. Email filtering is in place. These filters help protect your business from spam, malware, phishing, and other threats.
6. You have installed firewalls to monitor and control ingoing and outgoing network traffic.
7. You limit user access. Instead of giving everyone full access, set conditions based on role and responsibility. This approach minimizes vulnerabilities.
8. There are physical security procedures to limit access to your environment. You might install security cameras, fence a perimeter, and require RFID scanning in protected areas.
9. If your company lets employees use their own phones, laptops, or tablets, have a Bring Your Own Device (BYOD) policy in place. Installing mobile device management software is useful, too (and we can help with that!)
10. You test your security, too. You can’t take a set-and-sit approach to securing your network, systems, and hardware. Ongoing testing will help you identify risks, repair vulnerabilities, and protect your business.
It can also help you to prove that you’re being diligent by:
keeping copies of any training provided and employee handbook messaging;
updating your organizational chart regularly;
vetting contractors/vendors before granting them access;
having a policy in place that quickly denies access to any former employees;
inventorying all devices on your network.
IT due diligence protects your business. Meeting these security standards can also cut costs and preserve your brand reputation. Demonstrating vigilance helps you avoid hefty compliance or regulatory fines and fight litigation. In the event of legal action, you’ll also want to prove the efforts you made. So, be sure to thoroughly document all IT security efforts.
Due diligence doesn’t have to be difficult. Our experts can help you determine the best preventative measures for your organization. Some business risks will pay off, sure, but when it comes to your IT, caution will have the best results.