Step 3: Define a Security Strategy
Why You Need a Security Strategy
There are a number of risks involved in managing large volumes of client information electronically:
- electronic systems inherently pose a greater risk than the use of paper-based, decentralized record-keeping systems
- staff turnover can contribute to inadequate training and ineffective enforcement of security policies and standards
- most information security breaches are caused by people who are authorized to use the system
Every organization should consider these risks thoroughly and be proactive in implementing appropriate privacy and security mechanisms to mitigate them. Ideally, formal procedures should be in place to govern the behavior of staff and help maintain privacy and security. It is the responsibility of every organization to formulate its own security strategy. Your IT contact can assist you with this.
Complete a Security Audit
It’s advisable for all organizations to have their IT contact perform a complete security audit. The security audit should include a complete review of your organization’s network infrastructure, server security, internet security, and password utilization.
Purchase an SSL Certificate
As part of the security audit, it may be recommended that you purchase an SSL certificate for your server. SSL is an encryption method used for transmitting private information over the internet. It keeps the communication between your server and workstations (that is, your client data) secure by encrypting it. Your IT contact can assist you in acquiring an SSL certificate and configuring your server for its use.
Note: servers hosted with Roxy Software are configured to use SSL security by default.
Implement a Password Policy
Effective password selection is a key element in an organization’s security strategy, and plays an important role in protecting your client data. Pirouette’s password policy feature allows you to set the minimum length and complexity of passwords, ensuring that all passwords conform to the organization’s policy. This software feature also allows you to set the password expiry period, so that user passwords are reset on a regular basis.