Friday, June 3, 2011
Lesson #41: Security Considerations for Your Startup
Security is certainly not one of my glitzier topics, but it is equally important to discuss for any startup business. And, security has multiple levels: (1) the physical facility and files; (2) electronic files and internal systems; and (3) your website and other externally accessible systems.
When locating and setting up your office, make sure that: (i) the building is secure, with a doorman or keypad entry; (ii) your office unit is secure, with dead bolts or alarms; (iii) any rooms with sensitive information or equipment, are locked at all times; and (iv) any file cabinets with important or confidential documents are locked at all times. This will prevent any external theft and limit internal access to key documents on a "need to know" basis.
In terms of protecting your internal intranet and electronic records, make sure that: (i) access to your entire systems are password protected by user (so you can track activity person by person); and (ii) for any shared file drives, limit access to such drives to employees in the respective departments that need to access such information. And, never publically store any sensitive documents, like employee records, contracts, financial information, ownership records, website code, that you do not want desiminating through the entire office. And, it makes sense to save any shared files as "read only", to prevent any unauthorized changes to the base documents.
In terms of protecting your website or other external access to your systems, make sure that: (i) there is a firewall installed that prevents external hacking into your systems; (ii) any confidential information, like credit card information, is encrypted and stored on secure servers; and (iii) that your server room is secure in a controlled environment (with air conditioning and fire protection).
You just never know what "evil" is lurking in the night, both by disgruntled employees or competitors sniffing around for information. So, better safe, than sorry.
For future posts, be sure to follow me at: www.twitter.com/georgedeeb