If one of your computers became infected with malicious software, such as a "keylogger" or "backdoor", how much information about your business would the hacker be able to steal?
  How long would it be before you even noticed anything was wrong?
  Do you know how and where to look for traces that you were hacked?

Do you have, or have you ever had, a disgruntled ex-employee?
  Would that person have enough expertise to deface your website?
  Might they have a friend who could help them disrupt your online presence?
  Could they report to a software vendor that you have not purchased a sufficient number of licenses for all copies installed on your business computers?

Have you exercised "due care" in securing your electronic information assets?
  Would you be able to document your processes during litigation?
  If you are a HIPAA "Covered Entity", have you considered the benefits of an independent third party security audit?

When was your last review of the security policies that you have put in place?
  Do they still apply to your current business environment and to current information technology security risks?
  Do all of your employees know your security policies and have access to a current copy?

A secure computer network reduces your financial risk exposure, ensures your business reputation, and enables you to concentrate on growing your business.  Risk cannot be entirely eliminated, but measures appropriate to the level of risk can be implemented to reduce and manage its impact on your business.

Remember, security is a constantly moving target:  what might be considered secure today quickly becomes insecure tomorrow.  Security complacency is not a responsible option:  rather, it is a prescription for business disaster.

Contact Duke InfoSec & InfoTech Services today to learn how you can manage risk and protect your company, your staff, and your customers.