As a child, I recall my father boxing up the handwritten invoices from his lumberyard at the end of each business day and placing them in a large closet-size fireproof steel safe; the same safe that we used to store the handwritten ledger books.
Computers had not yet been introduced to the LBM industry, and our information was stored in the safe. Access was limited to a few employees who knew the combination.
When the week ended, we would drive the box of invoices across town to our CPA so that he could prepare customers’ accounts receivable statements using a posting machine. At the end of the month, we’d receive financial statements. It was that simple.
Fast forward to today: Pro dealers now store all information—email, accounting software, spreadsheets, and other documents—on computer servers. Often the data is housed in more than one location.
We grant access to the information based
on an employee’s job title or responsibility. A salesperson may have access to sales order processing, but most likely will not have access to the general ledger. Some employees have access to the company server from their home
or from a remote office.
The steel safe that had limited single-dial access has been replaced by a computer. And the computer—unlike the steel safe, where the only way to obtain the data in the safe was by being physically located in the building—makes info available on the Web to the world.
Now, more than ever, protecting data must be taken seriously. At least once a week, we
hear of major security breaches at large companies, including those on the Fortune 500 list. Dealers regularly audit financials and review insurance, but how often do you audit your information technology?
Consider hiring a professional firm to perform a security audit. In most audits, companies receive reports and recommendations that review firewall policies, desktop access, data storage and backup, internal processes for setting up new users or abandoning users, and antivirus protection.
The No. 1 issue that I encounter with computer users revolves around passwords. Many users implement easily hacked passwords, such as their name. Most systems today can be programmed to require a complex password containing numbers, letters, and special characters. These can be set to expire quarterly.
Another security concern is open wireless networks. People install Wi-Fi to make it easy for people with laptops, tablets, or smartphones to access the Internet. Unfortunately, these are often on the same network as the internal company network. Keep them separate. Next-generation wireless routers allow network separation, referred to as "public" and "private."
Further concerns include file shares where data can be placed on a computer at work and shared with a home computer. I get nervous when my data is in more than one place—one of those places may not be secure.
When looking at your security, always play it safe. Lock your data down as much as possible, while giving employees access on an as-needed basis.
Chris Rader is president of Rader Solutions, a Lafayette, La.–based IT company that services the construction supply industry. Contact him at firstname.lastname@example.org, or 337.205.4652.