Most modern corporate headquarters have fairly elaborate security methods, which include cameras, electronic locks, sign-ins, guarded server rooms, and background checks for employees. But when dealing with non-Fortune 2000 companies (where most innovative software comes from), should you take that for granted? Do they actually have similar security safeguards as the largest companies?
Security is important in today’s world, but it isn’t easy to implement, particularly for smaller companies. Companies such as banks and other financial institutions, as well as insurance companies and health records firms, need to protect their data and they need their vendors to do the same. Loss of confidential data can be very damaging both to a company’s reputation and to its bottom line.
Startups are popping up in incubators everywhere and many of their ideas and products are inventive and exciting. Not to discourage this atmosphere of innovation, but we also need to recognize that without some infrastructure, these companies are not equipped for sensitive corporate demands.
An incubator is the last place you’re going to find security for confidential documents or privacy for telephone exchange of credit cards, social security numbers or customer names. Someone’s home or “garage” is also unlikely to be adequately secure. Cloud-based shared servers hosted in an inexpensive location are not typically vetted with highly screened security personnel. Likewise, backups of critical software or data, along with redundant infrastructure for disaster recovery, aren’t always available.
So how do you prepare for Fortune 2000 market requirements as a start-up or smaller company? In no particular order, here is a likely (incomplete) list of what you’ll need to do:
- Establish policies for handling and destroying confidential documents
- Educate employees on the importance of security and confidentiality and perform audits on the state of training and security practices
- Make sure all visitors are signed in and escorted
- Screen consultants and restrict code and documents
- Destroy confidential data as soon as it’s no longer needed
- Conform to relevant industry security guidelines
- Screen your employees and contractors for criminal and financial issues
- Store servers and other sensitive data repositories in a secure, guarded location with criminal background screened personnel
- Establish strong computer passwords
- Keep VPN access standards high
- Encrypt document transfers
- Set-up automatically locking doors and a security alarm
- Install video cameras with recordings at all your entrances
- Establish redundancy with regards to your key equipment
- Establish disaster remediation and recovery plans and test them
With over 20 years in the business of providing mission critical products to the financial, insurance, health records, and electronic content management industries, every time Snowbound thinks we’ve got it all covered, something new is requested. With the inventiveness of the bad guys out there, the pursuit of security for data is never-ending. Keeping your customer’s data safe and their business secure is a key pursuit for running a successful business.
Any additions to the list or comments??