It can be comforting to think that the people safeguarding the HR files stored on your network have it all under control. Before you add even one more sensitive file to the server, find out just how secure your systems truly are by asking IT these questions:
1. Who here knows how a hacker thinks? Someone needs to be able to tap into the mindset of the bad guys and stay on top of the techniques they would likely use to access your data.
Has IT assigned someone to try to get in and do their worst? Does this person know what the second step in the criminal process would be, where data would go next and whether it’s more likely to be used against you, held hostage or sold?
2. What would the first signs be that we’ve been hacked? IT should be able to pinpoint the red flags that something’s gone wrong. They should define the types of hack attacks so a website’s odd behavior is not a total shock. Ask for specifics.
3. Who would get the alarm, and how? You should be able to sleep at night knowing that in a worst-case scenario, there’s no instance in which IT would not wake up to the threat within minutes.
4. How long would it take to restore everything from backup? What if IT tells you it’s going to be six days before all systems are back online? Or 12? Or that server content has to be stitched back together in a way that will slow you down for weeks? Again, request specifics. If IT can’t offer them, bring in consultants who can.
5. How physically protected are our servers? In case of a physical disaster—storm, flood or even a break-in—have someone assure you that there’s nothing more that can be done to reinforce air conditioning systems, get machinery off the floor or secure locks and passcodes. Data security often comes down to building tangible things that are tough to break.
- How to Fire an Employee the Legal Way: 6 Termination Guidelines
- Ask attorney for help in structuring joint ventures to limit employer liability
- Firing after FMLA leave makes ADA request irrelevant
- Protect against retaliation suits by conducting independent and 'blind' internal investigations
- OSHA protects accounting whistle-blowers