We spend most of our days making data work for people. But before it can work, two things have to happen. One – the data has to be there; it can’t be lost because your server crashed or your cloud provider went down. Two – the data has to be secure; you can’t have a laptop with the Social Security Numbers and compensation of the entire executive committee go missing.
But all too often I find that our clients ask the wrong questions about security. Metaphorically speaking, they install a dozen locks and a high-tech motion detector on the front door but leave the windows wide open. So to help assess the level of security risk that threatens your data, I’ve developed this simple quiz. Answer the nine questions below to determine just how vulnerable your data may be.
1. I send emails to the wrong person…
(a) Never – I’ve modified my email so it doesn’t auto-complete and my secretary double-checks every email before I send it. (10 points)
(b) It only happened once – I’m much more careful now. (5 points)
(c) Speed is what matters. If the wrong thing goes to the wrong person once in a blue moon it’s a small price to pay. (0 points)
2. When an employee leaves the company…
(a) Their accounts are disabled immediately and their activity for the last 2 months reviewed. (10 points)
(b) We make sure to copy down their passwords so we can get into all their key files. (5 points)
(c) We take them for drinks at the local bar. Great 2 for 1 specials. (0 points)
3. Employees share passwords with one another…
(a) Never – it’s absolutely forbidden and strictly enforced. (10 points)
(b) On rare occasions when it’s absolutely necessary. I mean, the Controller spends a lot of time in meetings and those SOX auditors have made life difficult. (5 points)
(c) All the time – that’s why everyone keeps a Post-It note with passwords right on their monitor. (0 points)
4. Your network is either monitored by your internal IT department or by an outsourced party. How frequently does a third, independent party verify that your firewalls and other network security are in working order?
(a) Once a year – like clockwork. (10 points)
(b) We change providers every 18 months so things get checked then. (5 points)
(c) How much more money do you expect us to spend with consultants like you? (0 points)
5. People can log in from home…
(a) Using an RSA SecurID – the token that changes effective passwords. (10 points)
(b) Using a basic password to our VPN. (5 points)
(c) Directly from our website – who needs more aggravation? (0 points)
6. We test our backups (restoring the data and validating)…
(a) Every six months. (10 points)
(b) We got a new server a couple years ago – we got the data moved over after a week so it seems to work. (5 points)
(c) You mean that stack of tapes isn’t enough? (0 points)
7. If your computer room was flooded right now…
(a) Our backup DR (Disaster Recovery) site would kick in and those with power could start working from home. (10 points)
(b) We’d quickly move the servers to the top floor of the building. (5 points)
(c) That’s why I’m here networking… (0 points)
8. Crucial data (like Social Security Numbers)…
(a) Is kept secure and reviewed regularly. (10 points)
(b) Was supposed to be secured when we bought the software. (5 points)
(c) Should be free – we’re all friends. (0 points)
9. My ERP data is…
(a) Entirely contained within our firewall. (10 points)
(b) Connected directly to our ecommerce site – it’s really cool! (5 points)
(c) Made available directly online – it is web-enabled, isn’t it? (0 points)
66-90 points – Security Risk Minimal. You can sleep soundly.
35-65 points – Security Risk Moderate. You’ve made some progress, but you’ve still got work to do.
0-35 points – Security Risk High. Call Red Three.
We worry about all kinds of things, but we don’t focus on the basics – like making sure your tape backup works. Sure, there are all kinds of reports of hacks and stolen data, but the biggest security risk is NOT having data. We also frequently forget that some tools – like email – just aren’t secure. Human beings are the biggest problem. No matter what you spend on technology, if the members of your organization aren’t security-conscious, you’re going to have problems.
Next month we’ll drill more deeply into how to ensure your data is secure and safe. If you have questions in the meantime, please feel free to contact us.