Today’s interconnected world is an interdependent world. No matter how many precautions you take to protect your data’s security, technology has forced you to depend on other people’s diligence to share your passion for protection. You don’t have a lot of control over the weakest link in your online chain. But asking how your IT consultant handles your information can help you gain better control where it’s possible.
So, here’s the question you need to ask: How do you handle my information, including your access to my systems?
And, here’s the discussion that needs to follow:
Your IT consultant must follow the strictest protocols available to protect all the information you provide. This includes access to your servers, routers (including repeaters or boosters for Wi-Fi networks) and computers that store your information or have access to wherever you store information.
An individual provider, such as Sterling Rose, can handle your data security differently from a large support organization. It’s not that one type of provider is better for a particular client; it’s more a matter of tailoring protection procedures to meet real-world needs and being diligent about following them.
We can keep all of our clients’ information in one place that can be accessed by only one person, and that helps us build a strong wall around (and roof over) the user names and passwords for your systems. With the ability to securely access the information from a desktop computer or mobile device, we can service a client from anywhere.
We protect that information in a number of ways. These are just a few of them:
- We regularly use two-factor authentication, which requires more than just a password. Every two-factor system has its own set of additional requirements, but the net result is that a hacker or robotic system cannot provide the necessary response. (We’re sure somebody is hard at work to defeat two-factor authentication, but right now, it works.)
- We use long, complex passwords with upper- and lower-case letters, numbers and special characters. Those are always impossible to crack using the latest available algorithms – at least for now.
- We use systems that require us to re-log in every 14 days and change our passwords and authentication information. It’s a major inconvenience for us, but it’s much more convenient than having to explain why we need to react to a security breach.
A larger IT service provider with multiple technicians available to service a client can also store information securely in one place, but all the technicians need to access it. Some questions you should ask include:
- Where do you store my information?
- How do technicians access my information?
- What protocols do you follow for user names, passwords and other authentication?
- Are you notified when my information is accessed, and are you able to track who accessed it?
Your IT consultant must be able to advise you on the best security measures to take within your own organization. They should be able to help you design and install a set of procedures for any point at which information is accessed, such as:
- Accessing specific files or categories of files from within your office or offices that are stored on your own server or on a server hosted by a third party (a cloud provider)
- Accessing that information from a remote location, such as a home office, where you can install and monitor security measures
- Accessing that information from a remote location, such as a customer’s place of business or a public place, such as a coffee shop or airport, where you cannot verify the security of a network.
You may also need to set up encrypted email, which we did for an insurance business. Our client reasoned that while they can control exchanges with their clients, they cannot control what happens when their clients communicate with others. Our client needed to be able to show that their security measures would stand up to an outside audit.
If you have any questions about how we handle your information, feel free to contact us at any time by email or phone – 973-433-6676. We would be more than happy to review our policies and procedures in general and for your information in particular. We can also help you develop and implement a security program for your business – or home – system.