Cyber criminals undoubtedly attack big businesses, but smaller businesses are vulnerable too and often fail to take basic steps to protect themselves. Here are our top tips to help keep your small business secure.
Assess your risk
How you run your business and what kind of data you hold will impact on the level of risk to your business. Even the smallest business will have personal details of staff on file as well as company accounts. If you process payments for customers you may retain credit card details and addresses on your own servers. You may also hold other confidential details about customers as well as mailing and marketing lists. In short, any kind of business will at some point generate and store data that would be of interest to cyber criminals. You need to consider how valuable or sensitive each set of data is by performing a security audit. Businesses of any size are also subject to national data protection laws and you need to be aware of these and the penalties for non-compliance.
Once you've completed the data audit, you need to consider the impact of a security breach on your business. Who or what would be affected? Could the business continue to trade? Only once you have a clear view of the risks can you decide whether you have the right security in place and what to do to improve it.
Educate your staff
The first step to beefing up your security is to make your staff aware of the risks from hackers and criminals. Cyber criminals are very cunning and sophisticated, but they can be stopped through some simple preventative measures and education. Take a look at our guide to the tricks that cyber criminals use to educate yourself, and then educate your staff about the dangers. Training sessions are often easier in a smaller business thanks to the simpler logistics of a small workforce.
Through these staff training sessions you can make people aware of such things as email safety, password usage, safe mobile use and the importance of data protection. You can also introduce an Acceptable Use Policy (AUP) for all staff which can include web and social media usage. For a more detailed look at staff security awareness take a look at our guide.
Get a hardware firewall installed
The best place to stop malware is at the point of entry to your business; in other words, where your network meets the internet. This is where a hardware firewall sits. Models configured for the needs of small businesses are now available, and they are easy to manage and reasonably priced.
The advantage of putting a firewall and anti-malware software in one box that then protects all the PCs on the network is that only one box needs to be updated and maintained. It also keeps the AV software settings away from individual users. Among other features, you can block access to certain websites and control spam and suspicious email before it reaches employees' inboxes. Some can also provide protection for employees working remotely. A hardware firewall can help protect you and your business and let employees get on with their jobs.
Keep AV software updated
If you feel that a hardware firewall is not for you, then it is imperative that anti-malware software, which will have many of the features of a hardware firewall, is installed on every PC and mobile device. It must also be kept up to date to take account of new viruses and trojans. The best AV software will do this automatically for you. A cloud-based email service such as Google Mail or Windows Office Live provides automatic scanning of email. If you run Windows PCs or Macs, ensure that all Microsoft and Apple security patches are installed as soon as they become available.
Keep web and data operations separate
It is highly likely that your business will have a website to promote your services. If you run your website from your own server, ensure you keep this separate from data servers. This will make it much harder for web-based attacks to succeed in stealing your data or attacking the network. An alternative is to use a web hosting company for your site.
Appoint or hire a security expert
As a small business you may not have the resources to appoint a full-time IT security officer, but you could appoint one of your more IT-minded staff to look after IT security operations. Another option is to hire a Managed Security Services Provider (MSSP). These are outsourced companies that will handle all of your IT security needs, including web and email security, on a contract basis. Many provide services specially tailored to small businesses. When using an MSSP, it is imperative that both parties are fully agreed on the Service Level Agreement (SLA) and that the provider meets it.
Author Rob Waugh, We Live Security