During this edition of Factory Week, our tech team has been focusing on upping security, both institutionally and in our work with clients. Although security is a constant concern for SmallBox and we work throughout the year to ensure that our clients' websites remain up to date and well protected, 2015 has been a year of security breaches, and we felt the need to devote additional time to upgrading our practices and seeking out new tools to up our security game. As we heard reiterated many times at a security briefing by Pondurance earlier this summer, it's a question of when, not if, you get hacked. Of course, it's far from hopeless: there's a lot you can do to significantly lower your chance of being hacked, and even more you can do to lessen the damage done by a breach. Here are a few key questions we'll be diving into while reviewing our incident response protocol. We encourage everyone to think about them and revisit them regularly.
- If my work computer was lost or stolen, what information would be compromised? How difficult would it be for a stranger to access confidential information on my computer?
- Where is confidential information (e.g., passwords, credit cards, subscription keys) stored and who has access? Can I limit this access to decrease my exposure in case of a breach?
- Is our incident response plan timely and efficient? Your incident response plan should cover everything from the detection of a security breach and security risks to a discovery plan focused on learning from the breach and adapting to it.
- Are the people in my company informed and knowledgeable about our incident response plan, and can they recognize and respond to a security breach when it occurs?