In the LBM Industry two items that dealers do not like to talk about are “termites” and “theft.” What about computer security?
Computer security must be addressed by dealers, but it is often placed on the back burner. Computer security must be treated like an exercise program in that you need to “stick with it every day.” Here are common-sense security items that dealers must address in order to maintain a high level of security.
Passwords: Change passwords every 90 to 180 days at a minimum. Use complex passwords that include special characters, upper- and lowercase letters, and numbers. I have been at companies where all employees use the same password. This is a “no-no.”
Administrative Passwords: These should be shared by very few people. These are sacred: they are the keys to all company information. Administrative passwords control all other passwords.
Remote Access: On a monthly basis, ask your IT or HR departments to verify all users who have remote access to your computer system. But don’t stop there. Go deeper: verify programs and permissions. When people change jobs, do we change access to information?
Wireless Access: At a minimum, make sure your wireless network has a partition for public access that isolates your private network, and verify that you are using the latest encryption. The key should also be changed if an employee leaves your company.
DropBox, GoogleDrive, and SkyDrive are file share programs used to share documents within organizations and with customers and vendors. Management must understand who has access to folders and who has permission to modify users.
If you are using a file share service and you have recently terminated an employee, you will want to know ahead of time where the files live and who has access to add or delete the files. If not, you might have released these files forever.
File Sharing in Windows: Most companies are set up with people in groups that are location or department specific. For example, all employees in Boise may see files in Boise, but not those located in Seattle. At the same time, departments like AR, AP, GL, and others may also have their files in directories that are secure. At least once a year, you should verify the structure and test folder permissions.
Email: Never send any highly confidential information via email without encrypting the email. And even if the email is encrypted, it will still reside on the receiving-end computer and your computer. My rule of thumb is that if I do not want people to know about the information that I am sending, I choose another method of delivery rather than email. However, I use email 99.5% of the time.
Social Media: Do you allow your employees to post work activities on Facebook? Should you? You surely want to let your customers know about the upcoming employee appreciation picnic, but you do not want to post internal employee disagreements. Consider reviewing your computer policy as it relates to social media or the release of information from within the company.
We can’t stop employees from taking screenshots, and we can’t stop employees from using their smartphones to shoot pictures of computer screens. However, just like management of termites and theft, the more we raise the skill level of our employees and tighten up our controls, the less likely we are to have a security problem.