We’ve all heard the stories. A disgruntled IT employee takes down the entire network, costing the company hundreds of thousands of dollars in lost revenue and repair costs. If you think it can’t happen to your small business, think again. It is important for your small business to remain in control of your information systems infrastructure at all times, even when you are outsourcing the work.
For most small business owners, time is limited. Even for those small business owners who are tech savvy, IT work takes away from daily business, cutting into the company’s bottom line. But whether you’re technically-oriented or not, there are several steps you can take to protect your company against an in-house technological attack.
The most important thing a small business owner can do is always remain in control of your company’s technology. While you may allow someone else to do the day-to-day work, you need to be aware that you are in charge of your company’s policies. In its article When I.T. Goes Rogue: 5 Ways to Protect Your Business, Business, PCMag.com recommends putting a signed, documented policy in place to help protect your company against liability. Additionally, if you are dealing with outside vendors, make sure you have a written, signed contract that details what you expect and what you are not to be held responsible for in case any illegal activity should take place. If the IT consultant is a member of your staff, the signed IT policy should take care of any liability.
If your company chooses to outsource its IT work, PCMag.com recommends using an approved partner of a company like Microsoft, Cisco, or Trend Micro. Check references and do online research, as you would with any vendors.
Many security problems arise after an employee has been terminated. Unfortunately, with IT staff, it’s often necessary to grant access to sensitive data, with IT staff holding all passwords and full administrative rights. Make sure you or a trusted member of your staff have access equal to or greater than your IT consultants and institute a checks-and-balances system that avoids giving IT staff sole technical knowledge of your company’s sensitive data.
If an employee is terminated, especially an IT staff member or consultant, have a policy in place that disables all of that user’s accounts immediately. Even if that employee is no longer allowed into the building, damage can be done remotely. Deactivate email as well, which will block an employee from sending derogatory emails that could single-handedly destroy the reputation you’ve worked so hard to build. Make sure you or a trusted member of your staff know how to disable accounts, should your IT staff person be the one who is suddenly terminated.
While you can’t possibly be expected to handle every aspect of your business, putting too much reliance on IT staff can be dangerous. Make sure you are fully aware of the technical operations of your business and take measures to protect yourself against vengeful attacks.