By Cindy Boyd, an EO Houston member and co-founder and president of Sentigy, Inc.
So you’ve decided to take your business to the Web. Now what? Based on my 10 years of experience working with companies going online, there are some assumptions – and pitfalls – to avoid. The most common oversight is making network security an afterthought.
Running a business online is no different from operating a traditional business. Risk management always plays a key role in decision making and the successful management of your operations. For example, if you accept a customer’s credit card, you are accepting a certain level of risk. To mitigate that risk, you create a bad debt allowance and perform credit checks. With computer security, there are best practice policies and procedures that can accomplish the same thing, although you must now consider how you operate in a “virtual” networked environment, as well as in your more traditional setting.
The bottom line is about managing your risk proactively before you get into a reactive mode, when a breach of security has already happened. Here are some important things to consider:
The question is: “How do you protect your business when you may not even know where to begin?” The answer lies in first identifying what is at stake, what you are protecting and where it resides. You need to make sure that your proprietary data remains confidential and that the company’s information integrity and availability are secured. The less reliant you are on a specific system, the less concern you have regarding risk management. The same applies to confidentiality. If the majority of your data is generally public in nature, you have less risk of exposure. Once you understand exactly what and how much you must protect, the degree of security effort required becomes more apparent.
Select a Host
In my experience, many companies make decisions to outsource data hosting based on the level and the amount of data they want to secure. Hosted solutions can readily ease the risk management burden if handled properly. The challenge for the business owner is to ensure that the service level agreements realistically meet your needs. For example, the data may be secure, but you can only access it for one hour – not a viable option for most organizations. The service level agreement becomes yet another layer of risk management for both you and the service provider, but by clearly stating the business agreement so that both parties understand the implications and actions in effect, the risk is shared in a manner that is mutually beneficial.
Compliance and integrity are also issues that companies find themselves frequently addressing. The organizations that are most successful in moving their businesses to an online environment understand what they are protecting and the inherent risks that need to be addressed. With that information, they can seek the appropriate level of help and security to ensure their online business venture remains a continued success.
As seen in the previous examples, however, accidents will happen in a networked world, and it often pays to work with expert advisors to ensure you’ve covered all possible risks and eventualities. An experienced service provider can steer you in the right direction and help identify the risks you may not have considered, and then help you manage the risk based on his or her cumulative experiences and knowledgeable recommendations.
Testing is Key
What else can be done to protect your business against unexpected security breaches? Testing is critical, and once you have tested, test again and test often. Once you have identified your data, outlined your web application and prepared yourself for the online world, testing absolutely everything will illuminate most of the possible gaps. These gaps could range from security challenges and functional issues to crisis-response time issues because of the sheer volume of data. Regardless of the challenges that are uncovered, the advantage of testing is that you can identify issues internally before they become an external customer or marketplace problem.
Finally, never let the threat of security breaches prevent you from implementing a great business idea. Just make a point to manage the potential risks from the inside, right from the start, before they cause your valuable information to escape into cyberspace.