In light of the recent cyber attacks on international businesses such as Google and Sony, and news that a teenage hacker broke into NASA, it’s only natural that smaller businesses are worrying about the state of their online security.
Small business owners are under a great deal of pressure: they need to know their core business and also have a basic knowledge of many other things, including accounting and IT security. However, there is no need to worry, as a few basic rules suffice to gain IT protection.
A recent report by ENISA (European Network and Information Security Agency) on breaches of data security regulations in European companies puts it in a nutshell: When it comes to IT security, small companies are in a particularly difficult situation. While they all have a great deal of data which requires protection, most of them have neither the staff nor the knowledge to protect it effectively.
For example, a law firm cannot afford to hire three security experts, nor should a PR agency need to invest large amounts of money in IT security consulting. IT security should be very easy and manageable in terms of financial investment. However, small business owners should know which areas of IT require protection.
Back to basics
No law firm, doctor’s practice or agency can function without computers, and only in rare cases are their networks purely internal. Instead, communication with customers, patients and vendors – or even just research – often requires an Internet connection, meaning that fewer and fewer companies can manage entirely without one.
It is therefore important that all computer systems are equipped with basic protection, i.e. an up-to-date virus scanner and a personal firewall. Rather than implementing multiple solutions which have the potential to be confusing and time-intensive to manage, all-encompassing protection packages can provide modules which work seamlessly together.
Keep it confidential
Many small companies handle extremely sensitive customer data, from patient information stored by a doctor’s surgery to client documents held by a law firm. All this information, which is not intended for third-party viewing, should be encrypted.
Encryption translates data to a secret code and is the most effective way to achieve data security. To read an encrypted file, a key or password is needed to unlock the translated information.
Use correct passwords
Customer databases, access to email and computers themselves should be protected using passwords. However, these tools are only secure if the passwords used are at least eight characters long and composed of both upper-case and lower-case letters, as well as special characters and numbers.
They should also be used only for a single purpose. Memorising a secure password like “3zP_0S$v” and then using it for everything is not good practice. This is when a ‘password manager’ tool can be helpful to a small business as it memorises secure passwords.
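As an added example (not part of the original article), the following sketch audits a list of credentials against the two rules above: the composition rule and the single-purpose rule. The function names are hypothetical, and the service names and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
import string
from collections import defaultdict

MIN_LENGTH = 8  # the article's minimum length

def composition_problems(password):
    """Return the article's rules that this password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems

def audit(credentials):
    """credentials: dict of service name -> password. Returns (weak, reused)."""
    key = os.urandom(32)  # per-run key: reuse is detected on keyed digests, not plaintext
    weak, by_digest = {}, defaultdict(list)
    for service, password in credentials.items():
        problems = composition_problems(password)
        if problems:
            weak[service] = problems
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        by_digest[digest].append(service)
    reused = sorted(sorted(group) for group in by_digest.values() if len(group) > 1)
    return weak, reused

# Constructed sample data (not real accounts or passwords).
SAMPLE = {
    "email": "3zP_0S$v",
    "customer-db": "3zP_0S$v",   # same password again: breaks the single-purpose rule
    "accounting": "summer2024",  # no upper-case letter, no special character
    "workstation": "Qw9!",       # too short
    "backup": "hT7#kLm2_x",
}

if __name__ == "__main__":
    weak, reused = audit(SAMPLE)
    for service, problems in weak.items():
        print(f"{service}: {', '.join(problems)}")
    for group in reused:
        print("reused across:", ", ".join(group))
```

Note that the article's own sample password passes the composition check yet is still flagged once it appears under two services.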
Small business owners know which areas of their company need protecting, but what about their employees? In most cases, staff won’t be IT experts either. Two strategies are recommended here. Firstly, clear rules should be established for using IT systems; these should specify prohibited activities such as sharing passwords or using USB flash drives. Secondly, rules should be backed up with appropriate security settings.
Before investing in security technology, small businesses should assess the historical and current malware detection capabilities of various anti-malware products on the market. Security software for small businesses has in the past been expensive and confusing; however, it is a vital aspect of business that cannot be overlooked in today’s troublesome cyber environment.