Are You Doing Your IT Due Diligence?
The words “due diligence” may make you think of a courtroom drama on television. Surely, that’s something only lawyers have to worry about? Not so fast. Due diligence is something your business can be doing, too. Are you covering the basics?
Don't Leave your Business Vulnerable
Due diligence is about taking care and being cautious in doing business. It extends to how you manage your technology, too. You may think you’re immune to a data breach or cyberattack, but cybercriminals can target you regardless of business size or
Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.
What due Diligence Involves
Technological due diligence requires attention to several areas. Generally, you’ll need to show the following:
1. Each staff Member has a Unique Login
Require complex, distinct passwords. Educate your people to protect these (e.g. not write them on sticky notes that sit on their desktop).
2. You have a Process in Place for Regular Data Backup
We recommend a 3-2-1 backup strategy. Keep three copies of your business data: one on the cloud, with the other two on different devices (e.g. on your local computer and on a backup USB drive).
3. You patch and Upgrade Security Consistently
Ignoring those reminders and waiting for the next release is risky.
4. You’ve Installed Antivirus Software
You won’t know your computers are infected until it’s too late. Be proactive.
5. Email Filtering is in place
These filters help protect your business from spam, malware, phishing, and other threats.
6. You have Firewalls
You have installed firewalls to monitor and control incoming and outgoing network traffic.
7. You Limit user Access
Instead of giving everyone full access, set conditions based on role and responsibility. This approach minimizes vulnerabilities.
8. You have Security Procedures
There are physical security procedures to limit access to your environment. You might install security cameras, fence a perimeter, and require RFID scanning in protected areas.
9. Bring your own Device Policy
If your company lets employees use their own phones, laptops, or tablets, have a Bring Your Own Device (BYOD) policy in place. Installing mobile device management software is useful, too (and we can help with that!)
10. Keep Testing your Security
You test your security, too. You can’t take a set-and-sit approach to securing your network, systems, and hardware. Ongoing testing will help you identify risks, repair vulnerabilities, and protect your business.
It can also help you to prove that you’re being diligent by:
- keeping copies of any training provided and employee handbook messaging;
- updating your organizational chart regularly;
contractors/vendors before granting them access;
- having a policy in place that quickly denies access to any former employees;
all devices on your network.
Protect your Business
diligence protects your business. Meeting these security standards can also cut costs and preserve your brand reputation. Demonstrating vigilance helps you avoid hefty compliance or regulatory fines and fight litigation. In the event of legal action, you'll also want to prove the efforts you made. So, be sure to thoroughly document all IT security efforts.
Due diligence doesn’t have to be difficult. Cumbria Computer Repairs can help you determine the best preventative measures for your organization. Some business risks will pay off, sure, but when it comes to your IT, caution will have the best results.
Please call Cumbria Computer Repairs on 01228 576090 or 01228 217100 for all your tech compliance enquiries.
Visit our website at www.cumbriacomputerrepairs.co.uk