Abstract
Security is a critical issue that tends to be overlooked by so many businesses yet it is of much significance to the operation of any given business. This includes security of both information system and also business property. Poor information security may lead to poor performance since competitors are most likely to have access to the business documents, data and workflows.
It is therefore the obligation of any particular business to ascertain appropriate security of information from the intruders and promote accountability as far as business property is concerned. This bid is a simple proposal of a workable security system within an organization to ensure business information is properly guarded against any intruding persons and guarantee maximum protection of business property.
Introduction
Information is a very vital issue to a business and hence should be given first priority at any given time. To come up with an effective security system for both information and property within a business; assets, threats and available resources must be put into consideration. This security system has been designed for a small business and it safeguards information and property from intruders.
Methodology
Information security system
Business information may include but not limited to information on employees, consumers, commodities offered, financial status of the business, business policies and also future plans of the business hence such information should be inaccessible to everyone ranging from the business employees to the outsiders including competitors.
To protect business gadgets from damage by viruses, spyware and other malevolent codes, a regularly updated anti-virus and anti-spyware should be set up in all the computers belonging to the business and also personal computers for employees since some use their computers while at home. The application can be bought from software vendors.
After installing, the software should be set to automatically check for updates and scan the entire system at certain specified times to ensure better protection from any threat.
Internet connection exposes the system to threat throughout hence to counter this, the business has to subscribe to the wireless firewall access from hardware vendors. After installation, the administrative password and name have to be changed immediately followed by frequent changing to ensure hackers are kept at bay at all times.
All computers including those for employees must be installed with active firewall software to ensure all sources of risks are sealed. The organization should patch and update its executive program, applications, business automation products and other products to ensure efficiency in data security. Automatic updates must be turned on for all the windows in all the computers.
Support copies of relevant organization data need to be made on a separate disk regularly for easy retrieval of data in case of computer breakdown, hard disk fail, floods, fire and even theft. These files may include word documents, electronic spreadsheets, databases, financial files, human resources files, accounting files and any other relevant information.
This has to be made automatic and the separate disks kept elsewhere from the business premises followed by regular checks to ascertain that the stored files can be read.
The computer room needs to have automated door system that is sensitive to fingerprints. This implies that only business employees will have access to the room. A database must therefore be created to carry all the fingerprints of employees. The computer room has to be fitted with a CCTV inside to monitor the activities of the users.
This will help in accountability among employees for all their actions. It should be made a secret and no one should be able to locate it. The door system needs to be set such that only allow access during business operating hours and days.
A separate database has to be made to store very critical information to the business that can only be accessed after common accord among the managerial staff. It has to be set in such a way that in case of any access to it with or without permission, a security message is sent to all the executive staff and the IT personnel.
The business needs to contract an IT firm to install all the above software, create databases and set up the files back up system. An IT personnel has then to be employed to maintain the system and update it whenever necessary.
Policies
Physical access to computers must be highly limited and computers have to be positioned in such a way that displays are not easily visible to passers by. There should be an effective system incorporated as far as staffing is concerned. New staff should be properly vetted.
Employees should also receive proper training on information security. The business should create separate accounts for all the employees with passwords that cannot be easily guessed.
No staff at any given time should be allowed to browse using administrative accounts. This will help limit set up of unwanted software. After any online transactions, all the history, caches and cookies should be deleted to avoid anyone tracing the links. The organization should ensure staff has limited access to important business information.
The authority to give out information concerning the business has to be limited to a few especially the management. This will help curb the issue of social engineering used by many hackers and spies. Employees should sign a commitment promising to safeguard business information under all circumstances.
Property security
The business should contract a security firm to be in charge of general security of the business property and personnel. There has to be limited entry and exit points into and out of the business premises respectively.
Business property needs to be labeled to minimize theft cases among employees. The contracted firm has to sign an accord to guarantee protection of the enterprise from interlopers and business property from damage or theft.
Conclusion
Information is an important tool to any business hence it is the business obligation to ensure information security. Any leakage of this information might lead to unhealthy competition and bring adverse effects onto the business.