Information security should be a crucial part of every organizations risk management plan and if it’s not, then you could be in for a  surprise down the road. Hope isn’t lost though. In a matter of minutes you can find a plethora of IT risk assessment information by simply google searching “Information security risk assessments”.

Relaxed information security can result in a multitude of problems including: viruses, ransomware, intellectual property loss and much more. Each of those items can be extremely costly. Recovery might mean that you lost a month of data, that you were forced to pay a ransom to unlock your files, or that you were losing valuable research, and you may never know it was stolen.

Do this…

  • Search for Information Security firm that can audit your systems and risk levels
  • Get multiple quotes, because some firms massively overcharge for services
  • Understand that your personnel is your biggest vulnerability, build a training plan, and execute that plan
  • Use complex passwords or passphrases
  • Set up 2-factor authentication
  • Set up auto sign out on computers, so PC’s left unattended get locked.


Don’t do this…

  • Don’t hire the first firm you speak to. Firms that are targeting your executives and non-IT staff to give security presentations are simply trying to drum up business through fear. They may do a good job, but will likely charge you double or triple.
  • Don’t make exceptions for training or security. Provide training from entry level employees all the way to the CEO.
  • Do not ignore updates.
  • Don’t click on email links from unknown sources
  • Don’t install unauthorized software

Leave a comment