Six Considerations for Strengthening Information Security
4. Defense in Depth. Processes, technology and people are all imperfect, and a system is only as secure as its weakest link. Don’t rely on a single layer of protection for important information. Your donor database server should be in a locked room, protected by an additional onboard firewall and password-controlled access.
5. Continuous Improvement. Threats and technologies constantly change, and so do business needs. You should regularly review systems and processes, and shut down old systems that are no longer being used. Also, keep software patches up to date: most software breaches exploit weaknesses for which a patch had already been released by a vendor.
6. Enable, Don’t Obstruct. If you make a habit of always saying “no” to requests for new information processes, people will resort to circumventing your security measures in order to do their jobs. Find ways to meet colleagues’ needs while still keeping data secure.
By taking a holistic approach, organizations can establish more effective information security to protect important data from getting into the wrong hands.
To contact David Crooke, founder and CTO of constituent relationship management service provider Convio, visit www.convio.com.