Due diligence is about taking care and being cautious in doing business. As technology pervades most areas of business, people forget that due diligence also extends to how you manage your technology! You may think you are immune to a data breach or cyberattack, but cybercriminals can target you regardless of your business size or industry sector.
Depending on where you live and your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are also increasing so don’t leave your business vulnerable.
What due diligence involves
Technological due diligence requires attention in several areas. Generally, you will need to show the following:
- Each staff member has a unique login with a complex and distinct password. Educate your staff to protect their passwords and not to write them down or stick them to their computer.
- You have a regular backup process in place. We recommend a 3-2-1 backup strategy. Keep three copies of your business data: One in the cloud and the other two on different devices (e.g. on your local computer and on a backup USB drive).
- You patch and upgrade your software regularly. Ignoring the upgrades is very risky.
- You have installed antivirus software. Antivirus software is not the be-all and end-all, since no security software is 100% accurate. You still need to take all standard precautions and combine it with the other methods listed in this article.
- Email filtering is in place. These filters help stop spam, malware, phishing and other threats from entering your network.
- You have hardware firewalls to monitor and control incoming and outgoing network traffic.
- You limit user access. Instead of giving everyone full access, set permissions based on each person's role and responsibilities. Doing this minimizes the areas that malware can target and infect.
- There are physical security procedures to limit access to your work environment. You might install security cameras, fence a perimeter and require other security measures in high-risk areas.
- If your company lets staff use their own phones, laptops or tablets, have a Bring Your Own Device (BYOD) policy in place. Installing mobile device management software is also useful (and we can help with that!).
- You test your security, too. You can’t take a set-and-sit approach to securing your network, systems and hardware. Ongoing testing will help you identify risks, find any holes and then allow you to repair any vulnerabilities.
You can also help prove that you're being diligent by:
- keeping copies of all training provided and employee handbook messaging;
- updating your organizational chart regularly;
- vetting contractors / vendors before granting them access;
- having a policy in place that quickly denies access to any former employees;
- inventorying all devices on your network.
IT due diligence protects your business. Meeting these security standards can also cut costs and maintain your brand reputation. Demonstrating vigilance helps you avoid hefty compliance or regulatory fines and fight litigation. In the event of legal action, you will also want to prove the efforts you made. So, be sure to thoroughly document all IT security efforts.
Due diligence doesn’t have to be difficult. Our experts can help you determine the best preventative measures for your organization. Some business risks will pay off, sure, but when it comes to your IT, caution will have the best results.