When thinking about security, don’t limit your viewpoint to issues such as break-ins and employee theft. Inadequate information technology security can wreak havoc on your company. McAfee, which specializes in computer security, recently released a list of the top ten security topics every executive should be aware of – whether they work in IT or not.

1. Opportunistic Attacks When computers started really proliferating, hacking was generally rogue behavior by young people as a personal challenge or dares among peers. Today, it is a coordinated effort for financial gain. Goals include stealing credit card or other personal information, laundering money, and forging documents. Often these professionals use automated search tools such as .bots to explore your data. These attach to individual computers in many ways, sometimes as a result of searching popular topics. For example, in 2010, searches about Cameron Diaz, Julia Roberts, Jessica Biel, and Brad Pitt were particularly vulnerable.
2. Targeted Attacks These hackers are looking for company or government secrets. Instead of the random approach of opportunistic attacks, these are focused on selected organizations to gather specific information. Some of these incidents have made the news in recent years.
3. Protecting Virtualized Environments Many companies are using virtual systems for convenience and cost savings. There can be a perception that virtual systems are safer, but these platforms are at risk as much as physical ones. There are good security packages for virtual environments that do not affect performance.
4. Enabling the Consumerization of IT Chances are your employees are using smart phones, tablets and laptops to access your data. Your company may even supply these tools for convenience and cost benefits. The challenge is protecting your IT system with this constant inflow and outflow of data. Customer information, intellectual property and other company secrets are at risk.
5. Leveraging Cloud Technologies Securely Cloud computing makes business sense for many reasons such as convenience, cost and access. When working in the cloud, it can be challenging to balance appropriate access with risking data. New technologies create the need for new protection systems.
6. Facilitating Safe Web 2.0 Facebook, Twitter and other social media platforms are based on interaction. It is almost impossible to block your employees from these tools, and doing so can compromise your company’s ability to take advantage of the business benefits of social media. At the same time, the more interaction, the higher the risk.
7. Protecting Information Your data is at risk from malicious behavior, but also due to carelessness from your employees. Familiarity breeds contempt of security measures set to protect your private information. Employees may choose an easily-remembered password that would be simple for a professional to discover, leave thumb drives in a purse or on a key ring to be easily stolen. Both computer security and company policies are needed to address this issue.
8. Securing the Modern Data Center Data Centers are constantly balancing security issues with access and flexibility. Too many rules affect the ability to run a business smoothly, too few and your entire company is at risk. It’s also hard for larger departments to keep up with technology changes, which can mean that they are constantly one step behind the current patterns of use.
9. Security Alignment as a Business Enabler Customers are extremely aware of the risk that their data may be compromised. Many people are choosing their vendors based on evidence that the company is paying close attention to their customers’ information security. Do you have the right protective elements in place to ensure that your customers are comfortable doing business with you?
10. Reducing Complexity and Chaos While Achieving Connectedness From simple workstations, company IT systems have expanded to include mobile devices, the Internet, internal networks, wireless connections and virtual everything. As new applications come on the scene and tools change, security has to keep up. It’s important that all of your security systems are integrated and talk to each other. Your IT security also needs to be part of your company’s strategic plan. Otherwise, you may be spending more than you should on a security system that isn’t really meeting your needs.

At Guardian, we can make sure that you are as protected as any company can be against traditional brick-and-mortar security problems. We also feel that it is our responsibility to keep you aware of your total security responsibilities. We can make sure your hardware is controlled and protected – the rest is up to you. Spend some time with your technology professionals to make sure your company is where it should be for technology security.

You may or may not have someone in your organization assigned to security. You may be the person who handles any security concerns. But if you don’t involve all of your employees, the best security plans in the world can fall apart.

There’s no point in having strong doors if your employees prop them open for ease in getting in and out of the building. Computer passwords are useless if everyone posts them on their bulletin boards to help them remember. Straightforward policies that are explained and enforced are important in any business, no matter what size or type. Here are some ideas to consider as you start building a policy to keep everyone in your company, as well as office, restaurant or store property, safe.

Think simple.

This is no time for lawyer-speak. It’s not about protecting you from liability as much as it is about protecting against problems occurring in the first place. Everyone needs to understand.

Think complete.

Security includes property, employee, customer and data safety, not necessarily in that order. Your policy should address every area.

Think “what if.”

One good way to involve your employees is to ask for their help in considering as many contingencies as they can think of and security policies that will reduce or eliminate risks.

Think check-lists.

In hospitals, medical personnel – even those with years of experience – found that using checklists significantly reduced the number of errors or omissions. Creating one or several checklists helps to ensure that security doesn’t start to slip over time.

Think measurement.

You need to make sure your policy works. The best way to do that is to set defined expectations and then measure them. This encourages everyone to keep track of security issues on a regular basis.

Think accountability.

Make sure all security responsibilities are assigned to specific people. This limits the opportunity for excuses later and encourages employees to take their role in company security seriously.

Think consequences.

Violating the security policy is not an excusable offence. When you outline the policy, also outline the consequences for not following it. Make sure the consequences are real and that you apply them without exception. The first time you let something go, your policy has lost its power.

Think current.

Last year’s policy may not cover new problems or concerns. Be sure to review your policy once a year, or if something changes such as a move to a new building or opening a branch office.

Just do it.

Don’t rush through on your policy or let it slide down the priority list as other business issues surface. The requirements of running a business at the moment always seem to trump the need to address long-term concerns. You just don’t want to be that company that has a serious problem because you never found time to address the policies you need.

If you have a strategic plan, make sure writing your security policy is in there, with deadlines and milestones. Give this effort as much respect as you give your bread-and-butter work. This is not an attempt at scare-mongering, but too many companies have ended up in trouble by ignoring security issues. Make a commitment to safety and your organization can only benefit.