So we have a security policy, and we use this to drive the systems and procedures to do the very best we can to protect our – and our client’s – information and IT assets. In principle, a security policy is simple – it defines what is to be secured, who should have access to secured (I like the term “sensitive” here) information and under what circumstances, and what to do in the event of a breach or suspected compromise of the data. No two security policies are identical. At Farpoint Group, for example, we treat all information as sensitive unless otherwise indicated. No sensitive information is made available to anyone without (a) a need to know, and (b) a Farpoint Group Confidential Disclosure Agreement in place. We keep all other information about specific systems and procedures confidential – there’s no point in waving a red flag in front of a hacker. We maintain a fairly low profile and, again, are as careful as we can be. The business depends upon this. It’s critical.

Unfortunately, when it comes to security, you’re never done. Each new day brings a potential new threat, and you need to keep up to date on both problems and solutions. This is a big challenge for small, non-IT businesses. You may want to hire a consultant to get your initial security policy and corresponding systems and procedures in place, but also for periodical updates and changes. But no matter how you proceed, keep security at the top of your IT list. If a network, wired or wireless, isn’t secure, it’s not really a network – it’s an invitation to disaster.