How to question security at your company? (mini-whitepaper)
The following are good questions to ask and answer about security at your company (some may or may not pertain):
- Are employees trained in how to stay safe (on the computer/online), and are they appropriately monitored?
- Are cash-handling processes, flow, etc. documented well?
- Are wireless communications locked down or protected?
- Are your cash registers, networks, and procedures kept up to date with the latest software updates?
- Do your terminals for the call center display only necessary information about customers?
- Are the facilities well maintained and well-lit for safety, not only for customers but also employees?
- Is physical access control in place and used well?
- Are your defenses developed and well maintained with new updates in virtualization and private clouds?
- Are doors, walls, and windows properly resilient?
- Are there proper security measures in the parking lot, such as cameras, fencing, lighting, call boxes, patrols? (Probably best for large companies with huge parking lots)
- What are the hours of operation?
- Can the HVAC system be used as a portal to your company? (In other words, can people get into the HVAC system and, through it, into your building?)
- What are the consequences of physical disruption of the HVAC system?
- For the loading docks, do you have a visual record of each delivery and associated personnel? Do you know each delivery person, are they usually the ones who make the deliveries, and do they deliver similar amounts of goods each time?
- Is the loading dock ever left unattended, or is someone there at all times (with people changing shifts as needed)?
- Can security systems be connected to inventory systems? Does it increase efficiency?
- Are your employees trained to recognize and properly handle a suspicious package? Do you have common rules established for it?
- Are all records appropriately encrypted, locked up, or protected in some other way?
- How does data get destroyed, if needed? Paper shredder? File deletion?
- How are records secured when they are transferred to you, whether physical or digital?
Thanks to CSO for inspiration!