Small and medium-sized businesses are facing a difficult challenge. In a report published last year, the UK government announced that small and medium businesses benefit from a 10% increase in productivity from Internet usage. SMEs heavily using Web technologies also tend to grow and export twice as much as others. In a time of economic downturn, these figures are not negligible. But with wider internet use comes greater vulnerability, and 87% of small businesses reported a cyber-breach in the past year too.
Part of this is due to the misconception that small businesses aren’t worth attacking compared to larger corporations. After all, large businesses tend to hold much more personal and financial data, and a security breach would have a much wider impact if a bank’s systems were compromised than if it were, say, your local car dealer’s. However, small businesses still hold valuable information – often easier to access – and they can also represent a great stepping stone into larger corporations’ systems.
Mainly, though, it’s simply down to smaller structures being less prepared, lacking the in-house expertise, manpower and resources dedicated to online security. This makes SMEs a far easier target, when a few simple measures would go a long way towards avoiding the most common breaches.
Running a simple audit on the online security of your business is the best way to start, so you can get a good understanding of the behaviours and habits of your employees and identify weaknesses in your processes. Here is a breakdown of the areas that are the most commonly neglected.
Are You Religiously Updating Your Systems?
This is obvious, but protecting your computers and network against intrusions is the first port of call. However, after systems have been initially set up, security updates are often missed, perhaps because of a lack of awareness or because of busy schedules.
Make sure that all the computers on your network are running the most recent operating system. Not only are the latest versions normally the most secure, but they will also be supported for longer. Let’s look at Windows, probably the most widely used operating system in the workplace: Windows 7 – first released in 2009 – will only benefit from mainstream support until January 2015, and Windows XP will no longer be supported at all as of April next year. If your machines are running older operating systems, they will no longer receive the latest security updates, and your computers will be vulnerable.
Don’t forget to also keep your firewalls, anti-virus, and anti-spyware programs up to date. For ease of maintenance, configure these for automatic updating. That way your defences will remain as current as your software vendors manage to be, without employees having to keep abreast of the industry’s latest developments. Don’t neglect emails either, and ensure that your email provider offers virus and phishing scanning to the latest standards.
Do You Know Which Devices Are Connected To Your Network?
With more and more employees bringing their own devices to the workplace, accessing their emails and business-critical data from their own laptops, mobiles and tablets, it can be tricky for IT teams to keep track of all the devices connected to their networks.
It is, however, essential for businesses to know from where their data and network are being accessed so that processes can be established to cater for these users. Refusing to embrace the Bring Your Own Device trend is likely to be a futile and counter-productive exercise; better to have a regulated approach to BYOD and a secure network in the event that personal devices are lost, stolen or hacked.
Before putting a set of strong guidelines and restrictive policies in place, assess the risks associated with the use of personal devices in your business and try to establish what the threats might be.
Beyond strong password-protection on employees’ devices – which will be fairly limited on mobile phones and tablets – BYOD security measures might take the shape of anti-malware, encryption, passcodes, remote wipe or sandboxing, depending on your requirements. Be creative in your approach to BYOD. Making sure you secure data as well as devices is likely to be the most effective solution.
Are Your Staff Aware Of The Risks Associated With Internet Use?
It’s too easy to assume that your employees won’t fall for the traps of cyber criminals. With new levels of sophistication now used in phishing, email scams and drive-by downloads, even savvy users are not immune to hacking. Staff education plays an increasingly important role in safeguarding the online security of your business.
When new employees join your company, make sure that guidelines on the use of the internet are provided as part of the induction process. You might want to consider restricting web surfing on company computers and smartphones or distributing a list of off-limits high-risk websites or website categories.
The importance of a secure network connection for accessing company files should also be stressed, along with the need for resilient and well-guarded passwords on any sensitive data. Providing case studies and regular workshops on the latest security breach techniques can not only be a way to educate your staff, but also inspire and empower them to make a difference in your business.
So, Is Your Business Taking IT Security Seriously?
Online security goes far beyond having appropriate security software in place. When assessing the online security of your business, don’t forget to also consider:
- Data storage, access and deletion, on the premises as well as remotely
- Restricted access to business sensitive data
- Web surfing and downloads
- Use of personal devices in the workplace
- Encryption of critical storage devices and files.