In today’s economy, increased reliance is being placed on the systems and software that support daily business operations. Is your IT department doing its job – protecting your data and ensuring that your systems are operating effectively, efficiently, and securely?
Security: The first step in assessing the security of an organization is to define what information is sensitive and confidential. Next, you need to determine where that data resides or where it is going. Organizations often don’t operate in one central location; rather, data is being moved across town, across the state, and even out of the country. In fact, employee mobile devices are data in motion. If you don’t know where your data is going, you cannot secure it properly.
Backup: Is your IT department prepared for unavoidable business interruptions? Find out what data is backed up. How often? What is the retention period? How long is the restoration process? Knowing the answers to these questions prior to interruptions will limit downtime.
Outsourcing: You may be saying, “I outsource all IT-related procedures to a third-party provider.” IT outsourcing does not eliminate risk. Your organization is still the owner of the data and is responsible for its security. Always know what role your third-party provider is playing. Does it provide support only? To what data does it have access? Can the provider alter data? If so, is someone reviewing those alterations? Does the IT provider have 24/7 access, both onsite and remotely?
Address these questions, and the next time you log on, you will know your data is secure. Do you have other concerns about IT and the role it plays in your organization? Let’s talk.
Lisa Horzelski, CISA, lhorzelski@laporte.com
Lisa is an IT Audit Senior Manager in LaPorte’s Risk and Advisory Services Group.