The topic on many people’s mind at the moment is how can we protect our companies and ourselves from terrorism and bioterrorism.
Currently federal, state, and local government agencies are providing increased security to the airline industry, high profile facilities, the mail system, and other known vulnerabilities such as water and utilities. However, government agencies cannot provide the total solution. It is up to us, the strategic planners, to broaden our horizons and begin to think outside the box.
Now is the time to review the security of our facilities, including the security of our business data and information. Having an offsite recovery location is not enough. If your data is corrupted or destroyed, it will be useless. In the past hackers have represented an annoyance and security risk. Tomorrow, hackers or employees may include persons bent on terrorism. The race to make our systems “user friendly” may have created a vulnerability that needs attention.
This means you must be closely involved with the security programs of your organization’s information and data. Controls must exist and be closely monitored as to who in your organization may:
- Create data
- View data
- Update or change data
- And most importantly, destroy or delete data
Good security programs must include background checks on personnel with access to the data and users should be with your organization for a reasonable period of time before being given access to data.
With strong security programs in place there is the comfort of knowing that existing data assets will not readily be destroyed. You can recreate any environment with skills, talent, and dedicated employees. As long as common carriers and private communications vehicles exist, networks can eventually be rebuilt. But without your information assets, the continuity of your business may be in jeopardy.
