Effective Information Security uses a layered approach 


Physical security.

In terms of Information Security, this means not only keeping your business premises secure from intruders, but also keeping sensitive information physically separated from staff who do not need access to it.

Make sure that:

All doors and windows are locked when not in use.

All intruder alarms are working and serviced regularly.

Consider the use of CCTV on the outside of your buildings and make sure cameras can see all entrances to your site.

Keep computer equipment secured by physical security devices when used in public areas.

Consider portable locks for all laptops.

Never leave a laptop on your desk overnight.

Keep servers in a separate locked room.

Backup devices such as portable drives, tapes and memory sticks should be locked away when not in use.

All backups should be encrypted.

Logical security.

This will protect you from computer-based attacks, either externally from hackers or internally from malicious staff.

Make sure that anti-virus and anti-malware products are installed on all computers.

Make sure that they are configured to be updated daily and perform full scans regularly.

Make sure that internet routers are properly configured with a secure firewall.

Restrict access to your systems to only users and sources that you trust.

Each user must have their own login credentials.

Make sure that strong passwords are enforced and are changed regularly.

This should also apply to Wi-Fi passwords.

Make sure that user accounts are disabled as soon as a staff member leaves the organisation or is absent for a long period such as maternity leave.
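
The account rules above (one login per user, accounts disabled for leavers and long absences) can be checked by comparing an export of user accounts against the staff list. The Python script below is an added example, not part of the original article; the sample data, the field names and the 30-day threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: a staff list and an export of login accounts.
ROSTER = {
    "asmith": {"status": "active"},
    "bjones": {"status": "left", "since": date(2024, 3, 1)},
    "cpatel": {"status": "absent", "since": date(2024, 1, 15)},
    "dlee": {"status": "absent", "since": date(2024, 5, 20)},
}
ACCOUNTS = [
    {"login": "asmith", "enabled": True, "owners": ["asmith"]},
    {"login": "bjones", "enabled": True, "owners": ["bjones"]},
    {"login": "cpatel", "enabled": True, "owners": ["cpatel"]},
    {"login": "dlee", "enabled": True, "owners": ["dlee"]},
    {"login": "reception", "enabled": True, "owners": ["asmith", "dlee"]},
    {"login": "oldtemp", "enabled": True, "owners": []},
    {"login": "ejames", "enabled": False, "owners": ["ejames"]},
]
LONG_ABSENCE_DAYS = 30  # assumed threshold; the article only says "a long period"


def audit_accounts(roster, accounts, today, long_absence_days=LONG_ABSENCE_DAYS):
    """Return (login, reason) pairs for enabled accounts that break the rules."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing to do
        owners = acct["owners"]
        if len(owners) != 1:
            # Several owners means a shared login; none means nobody is accountable.
            findings.append((acct["login"], "shared" if owners else "orphan"))
            continue
        person = roster.get(owners[0])
        if person is None:
            findings.append((acct["login"], "orphan"))
        elif person["status"] == "left":
            findings.append((acct["login"], "leaver"))
        elif (person["status"] == "absent"
              and (today - person["since"]).days >= long_absence_days):
            findings.append((acct["login"], "long_absence"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_accounts(ROSTER, ACCOUNTS, date(2024, 6, 1)):
        print(f"{login}: still enabled ({reason})")
```

Running a check like this on a schedule catches accounts that were missed when the leaver or absence was first recorded.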


See Part 3 for the final instalment in this series