The internet is a great business tool but viruses, identity theft and online fraud threaten businesses as well as home users. Prevention is better than cure, so plan ahead. You need multi-layered defences, including appropriate staff training and policies. You also need business-class computers that are designed to be safer online.
1. Make a plan. IT problems can destroy a business so you can’t afford to ignore the risks of viruses, fraud, data loss and ID theft. This is why a good plan today is better than a perfect plan next year. Look at what you do now and where you could make improvements. Take a holistic view of IT security that includes hardware, software, people and policies. Think about what you would do if you were the victim of a virus attack, computer theft etc. Think about what you most need to protect and what you need to make sure your business can keep operating.
2. Strengthen physical security. Theft is more common than hacking so it pays to protect your PCs properly. Use cable locks to keep PCs and laptops secure when you aren’t using them (for example in a hotel room or on your desk overnight). Make sure that your office windows and doors have good locks; consider installing an alarm. Store backups offsite so that if a computer is stolen you will still have a copy of the data that was on it. Use indelible security markers to identify your property and keep a log of serial numbers to help recover stolen hardware.
3. Protect your PCs. Whenever a computer is connected to the internet it is vulnerable to viruses, spyware and spam. Protect each computer with security software including a firewall, anti-virus, anti-spyware and anti-spam protection. Make sure you keep your operating system and security software up to date with the latest patches.
4. Control access to data. Your company’s information is its lifeblood: orders, contacts, suppliers, invoices, customer records etc. You need to protect this information to comply with data protection regulations, to keep it out of the hands of competitors and to prevent accidental deletion. Don’t ignore the insider threat – an unhappy ex-employee can do as much damage to your business as a thief. Protect critical information with strong passwords (or, better still, fingerprint scanners) and by adopting a ‘need to know’ policy. Delete ex-employees’ passwords and access rights as soon as they leave. Make sure that your wireless network is encrypted so that outsiders can’t eavesdrop or hack in. Make sure you erase the data on your old computers before you send them away to be recycled.
5. Give staff clear guidelines. An acceptable use policy is an important part of your guidance to your employees. You need to tell them what they can (and cannot) do online. For example, you may want to restrict their access to social networking sites and ban software piracy and inappropriate content at work. Get advice from a lawyer or HR specialist.
6. Train staff. Make sure your staff understand your policies, IT security risks and how to avoid them. Also, ensure that they know whom to contact if they have a question or problem.
7. Encrypt data on laptops. Unfortunately, it is easy to lose laptops or have them stolen. This means that you need to take extra care with data on laptops. Use laptops that make it easy to protect data with encryption and fingerprint scanners. Use a BIOS password to stop thieves accessing your computer. Protect against theft by using a plain bag (one that does not shout ‘I’m a notebook PC, steal me!’) and a cable lock.
8. Make regular backups. Backups alone will not prevent something going wrong but they are essential to cut the cost of recovering from a problem. Make backups regularly, test them occasionally and keep them offsite.
9. Be wary of online fraud. If it sounds too good to be true, it probably is. When did you ever win a lottery without buying a ticket? Or get a well-paid job that didn’t require any work? It’s the same online. Be wary of scams and fraudulent sellers (especially in online auctions). Check out online sellers carefully before you give them your money.
10. Get good advice. You can’t completely delegate your responsibility to protect your business – after all, it affects you more than anyone else – but you can get help for some of the technical parts. Look for IT specialists in your area who understand small businesses and who can communicate in language you understand, not in jargon-heavy technical language.