December 27, 2017

Information Security Procedures, Practices & Checklist

Small Actions for Big Wins is an information security checklist that outlines the most commonly overlooked information security practices that can help small businesses avoid many of the risks their operations face. The checklist focuses on easy-to-implement actions that won’t break the bank of the average small business.

PHYSICAL SECURITY
Does your business...
  • Have locked filing cabinets for documents that include customer information, employee records, financial data, and other sensitive material?
  • Use laptop locks that prevent physical theft?
  • Use secure, off-site storage for documents that you are legally required to retain?
  • Prohibit the use of unsecure recycling bins at employees’ workstations?
  • Have secure shredding containers for safely disposing of documents?
  • Securely destroy old hard drives once they are no longer needed?
  • Have a secured area that can’t be accessed by anyone without a key or security pass?

Did you know that most fraud is committed by employees? That makes it even more important to store or dispose of documents securely!

DIGITAL SECURITY
Does your business...
  • Encrypt smartphones so that data is secured even if the phone is lost and recovered by someone outside the company?
  • Regularly update your computer software to ensure that security holes are patched?
  • Back up sensitive data to a secure, off-site storage facility?
  • Ensure that employees regularly change their passwords?
  • Prohibit employees from leaving passwords written on their workstations?
  • Limit access to network folders with sensitive information?
  • Have anti-malware software installed on all computers?

POLICIES, PROCEDURES AND TRAINING
Does your business...
  • Have rules regarding proper document management, including storage and disposal?
  • Have rules regarding the removal of equipment, data and documents from the office?
  • Have rules regarding proper document management when working remotely?
  • Train new employees on information security policies and procedures?
  • Provide regular (semi-annual or annual) refresher training on information security policies and procedures for employees?
  • Perform information security audits to ensure that employees are following policies and procedures?
  • Make adherence to policies and procedures part of employees’ performance review process?

If you answered “No” to any of the questions on the checklist, there is room for improvement in your business’ information security practices. The good news is that all of the items featured on the checklist are easily implemented at a minimal cost.

Learn more about how to implement some of these best practices by visiting the Shred-it® Resource Centre at shredit.com.

To learn more about developing a comprehensive document management policy, visit here.

To learn how to encrypt your iPhone or Android phone, visit here.
