Small Business Security – 6 Things to Consider
Security for small businesses is often an afterthought. It shouldn’t be but it is. In many cases this is because business owners don’t understand it and we generally fear that which we don’t understand. As a result, the head goes into the sand and security goes out the window.
Ask yourself – How secure is your business? If you had a catastrophe and lost access to all your information because you got smacked with a ransom virus, could you still function? Understand this: no business is too small to get hacked so just throw that notion out with yesterday’s cold coffee. Purveyors of ransomware really couldn’t care less how big or small you are – they just want your money. So unless you want part of an ever-growing list of those who have been victimized, I suggest you take note of the following basic suggestions for small business security.
1) Where is my critical data?
Is it stored on site or in the cloud? Or maybe you have a hybrid cloud arrangement so it is spread across both internal and external environments. Or maybe (God forbid) your workers are carrying it around on their laptops and tablets. Money is not limitless (tell me something I don’t know) and you may well not have the resources to secure ALL your data. But ask yourself this: what data do you possess that you would need absolutely need access to within 24 hours of a catastrophe. Once you have determined the answer to that question, have a conversation with your IT team to figure out how to protect that most vital data.
2) Back to basics
Once you have figured out how to encase your most critical data in carbonite (sorry, got the new Star Wars on my mind) it’s time to address the basics of small business security. If you have not already done so, you definitely want to consider professional-grade antivirus. That and proper firewalls – both for wired and wireless access. In this case, it is highly suggested that you contract an outside expert who is fluent in small business security. This is definitely not an area to skimp out on and investments made here – although difficult to quantify – will pay dividends down the road in the form of uninterrupted access to your critical data. I know, you can’t see the accident that didn’t happen but just because your house didn’t burn down last year doesn’t mean you don’t buy fire insurance this year.
3) Reality check
Murphy has been telling us for years – bad things happen to good people. Fires, floods, thieves and faulty technology couldn’t care less that you donate generously to the United Way every year or that you fund the local youth baseball team’s uniforms. Nope – every day tons of small businesses catastrophically lose data for one reason or another. Some never recover. But pretending the risk doesn’t exist and casting your lot to luck is an ill-advised strategy. At the very least, you need a tried, tested and true backup strategy. Remember the old adage: all men believe all men are mortal but themselves. No one ever loses data until they lose data. If you like it, back it up!
4) Out with the old, in with the new
Servers, PCs, laptops, tablets, smartphones – they all pack it in at some point. Do you have a plan for proper disposal? Not only is it not very “green” to toss it in the big round file (shame on you!), its downright dangerous. Many a data breach has occurred due to not having a proper process for disposal of old technology. Old hard drives need to be properly destroyed, not just reformatted. And that even includes paper. If you’re moving towards the goal of a paperless office, make sure you shred your paper once you have digitized it.
5) The age of mobility
It’s here and it isn’t going anywhere except up. The genie is out of the bottle and now workers not only desire to work remotely, in many cases they demand it. its not only convenient, it may be necessity. And that means your people are walking around with some of your most confidential information right there in their front pockets. That certainly complicates things, doesn’t it? Again, enlisting assistance from an outside source is good practice. And speaking of good practice…
6) Policy and process
Every company needs policy for small business security. You can’t just talk about it or wish you were sophisticated enough to have clear policy, you need create it and insist it be followed religiously. If you don’t teach your staff the ins and outs of security, sure as shootin’ they’ll just make it up as they go along. Every business needs policy for mobility but it doesn’t end there. You also need an acceptable usage policy (AUP) for the internet as well as for file sharing and email. Make them read it, understand it, and sign it yearly. Now, being overly restrictive can be well, overly restrictive and that’s not great either. The point is to have security policies in place so that your people have firm guidance on just what is allowable and what is unacceptable. Make it up for them or they will make it up themselves.
Concerned your small business security is not up to snuff? Do you need guidance from a seasoned security expert? Talk to us today