How Secure is Your Practice?
Use this checklist to protect your practice against viruses, computer theft, disasters and data loss.
 

By Tony Valaitis, AdvisorTek.com

Practice Security Checklist


  Data Backup
  Backing up critical client and practice management data regularly is like an insurance policy. It allows your practice to get up and running quickly after a data loss. While hardware can be replaced and application software reloaded from original media, recovery of data files relies on regular backup procedures.
   
Do you perform regular backups (e.g. weekly) of all data files?
Does your staff perform regular backups of data files?
Do you periodically test restoration of client data files to ensure the backup files work?
Is at least one copy of the data stored in a secure, off-site location?
Do you periodically review your backup requirements?
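The restoration test asked about above is easy to automate. The following Python script is an added example, not code from the article or from AdvisorTek: it backs up a folder to a compressed archive, restores that archive into a scratch directory, and compares SHA-256 digests of every file so a stale or damaged backup is reported rather than discovered after a loss. The folder and file names in the demo are constructed.

```python
import hashlib, os, tarfile, tempfile


def file_hashes(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                hashes[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return hashes


def make_backup(source_dir, archive_path):
    """Write a compressed tar archive of source_dir (the 'backup')."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")


def verify_restore(source_dir, archive_path):
    """Restore to a scratch directory and compare every file against the live data.
    Returns (ok, missing_paths, mismatched_paths)."""
    expected = file_hashes(source_dir)
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive_path, "r:gz") as tar:
            # Newer Pythons can refuse archive members that would escape restore_dir.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(restore_dir, filter="data")
            else:
                tar.extractall(restore_dir)
        restored = file_hashes(restore_dir)
    missing = sorted(p for p in expected if p not in restored)
    mismatched = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    return (not missing and not mismatched, missing, mismatched)


def run_demo():
    """Constructed scenario: back up a client folder, confirm the restore matches,
    then add a file and show that the now-stale backup is caught."""
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "clients")
        os.makedirs(source)
        with open(os.path.join(source, "smith.txt"), "w") as f:
            f.write("portfolio notes\n")
        archive = os.path.join(work, "backup.tar.gz")
        make_backup(source, archive)
        fresh_ok, _, _ = verify_restore(source, archive)
        with open(os.path.join(source, "jones.txt"), "w") as f:
            f.write("new client\n")
        stale_ok, missing, _ = verify_restore(source, archive)
    return {"fresh_ok": fresh_ok, "stale_ok": stale_ok, "missing": missing}
```

Run `verify_restore` against the real archive on a schedule and treat any missing or mismatched path as a failed backup.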


  Physical Security
  Ensuring the physical security of your desktop, laptop and server computers is a key step in securing the information stored on them.
   
Are your computers located in areas that are not easily accessible to outsiders?
Do you and your staff take responsibility for locking doors and windows?
Are your desktop and laptop computers equipped with anti-theft devices?
Are your network servers physically secure in a separate area?
Do you have an accurate inventory of all computing equipment and software that is stored off-site?
Do you have a "clear desk" policy to ensure your staff secures sensitive and confidential files when they're not working on them?


  Virus Protection
  Viruses can reach your computer in many ways: through floppy disks, CD-ROMs, email, web sites, and downloaded files. Using, and regularly updating, anti-virus software is a critical element of security protection.
   
Is anti-virus software installed on all your computers?
Has the anti-virus software been configured to check all media (floppy disks, CD-ROMs, email, web sites, downloaded files) for viruses?
Is a procedure for automatically updating the anti-virus software in place?
If users become infected with a computer virus, do they know what to do?
Do you remind your staff to open only attachments they expect?


  Disaster Recovery
  If a fire destroyed your office, what would you do? Having a disaster recovery plan can help minimize the impact on your clients and get your practice up and running again.
   
Do you have a written continuity plan in the case of a major disaster such as a fire?
Do you know how long your practice could function without computers, servers, or network access?
Does your head office provide any disaster recovery assistance?
Do you have at least one copy of client data and application software stored in a secure, off-site location?
Do you have a current inventory of your computer equipment, software, and critical client files?


  Firewall
  A firewall is like a security guard that stands between your computer and the Internet. It examines all traffic routed between your computer and the Internet to see if it meets certain criteria. If it does, it is allowed in. If it doesn't, it is stopped.
   
Do all of your computers have firewall software installed?
Has the firewall software been configured to protect the required information on your computers?
Does your network have a hardware firewall installed?
Do you have firewalls installed at every point where your computer systems are connected to other networks, including the internet?


  Password Management
  Strong locks and alarm systems help keep intruders out of your place of business. A password management program with strong passwords that are changed regularly will help protect your practice and your clients' private information.
   
Do you require passwords for access to all computers?
Do you instruct staff to choose "strong" passwords that are not easily duplicated?
Do you and your staff regularly change passwords?
Do you require that passwords not be written down or shared?
Do you prevent users from choosing passwords they have used recently?
Do you deactivate accounts for terminated employees in a timely manner?
Do you allow dial-in access to office computers?


  Software Security Patches
  Hackers like to find and exploit bugs in operating systems such as Windows and software products such as internet browsers and email programs. To protect your practice from needless downtime, download and install software patches and updates as soon as they become available.
   
Are the operating systems you use updated with the appropriate security "patches"?
Are other software programs you use updated with the appropriate security "patches"?
Do you prohibit or restrict shared drives or folders on your desktop computers?
Have you verified that file permissions are properly set on your servers?
Do your staff have the appropriate level of access to applications based on their current responsibilities?


  Remote Connections
  The ability to connect remotely to your office computer via the Internet can be a major advantage for business efficiency -- and your practice's bottom line. The downside is that if you can tap in, others can too. That's why security, including encryption and authentication, has to be a priority.
   
Do you use a virtual private network (VPN) to set up your remote connections?
Have you hired a security or IT consultant to have the VPN properly configured?


  Confidentiality of Client Data
  The need for ensuring the privacy of your clients' data has never been greater as internet usage increases and compliance requirements become more demanding.
   
Is access to private client data restricted?
Do you have a "clear desk" policy to ensure your staff secures sensitive and confidential files when they're not working on them?
Are temporary or student employees given access to confidential client data? If so, is their use of such data monitored closely?
Is the unencrypted transmission of sensitive data or memos through e-mail discouraged?


  Security Awareness and Training
  The primary goal of a security awareness and training program is to reduce security vulnerabilities through education and promotion of good security practices.
   
Do your staff members fully understand their responsibility for computer security?
Have all copies of software in your practice been properly licensed and registered?
Is someone in your practice keeping current on financial service industry security issues and alerts?


© AdvisorTek.com 2004. All rights reserved.

