We live in an age where corporate cyber-crime and hacking is now unfortunately an every day risk reality in the world of business.
While larger organisations often have extensive IT security technology and policies in place to better combat cyber threats, it’s the smaller, start-up businesses that are being targeted by hackers, due to weakened areas of basic IT security.
As businesses increase their use of mobile, cloud and digital platforms, protecting sensitive corporate information has become an unquestionable necessity. Here are some basic steps that entrepreneurs can implement quickly and affordably, to help secure their digital businesses’ walls from external cyber threats.
Assess your risk
A combination of the way you run your business and the kind of data you hold, will impact the level of risk to your business. Even the smallest business will have personal details of staff, company accounts and customer activities on file.
If you process payments for customers, you may retain credit card details and addresses on your own servers. In short, any kind of business, will at some point generate and store data that would be of interest to cyber criminals.
You need to consider how valuable or sensitive each set of data is, by performing a thorough security audit. Businesses of any size are also subject to national data protection laws and you need to be aware of these and the penalties for non-compliance.
Once you’ve established the data audit you need to consider the impact of a security breach on your business. Who or what would be affected? Could the business continue to trade? Only once you have a clear view of the risks can you decide whether you have the right security in place and what to do to improve it.
Educate your staff
The first step to beefing up your security is to make your staff aware of the risks from hackers and criminals. Cyber criminals are very cunning and sophisticated but they can be stopped through some simple preventative measures and education.
Training sessions are often easier in a smaller business because you have fewer staff to organise. Through these staff training sessions you can make people aware of essential safety precautions such as email safety, secure password usage, safe network use when working remotely or via mobile device, as well as the importance of data protection.
You can also introduce an Acceptable Use Policy (AUP) for all staff, which can include web and social media usage.
Install a hardware firewall
The best place to stop malware is at the point of entry to your business; in other words where your network meets the internet. This is where a hardware firewall sits. These are readily available, configured for the needs of small businesses, easy to manage and reasonably priced.
The advantage of deploying a combined firewall and anti-malware software is that it not only protects all the PCs on the business network, but it requires a single user to update and maintain the software, versus multiple, individual PC updates.
This approach also keeps the anti-virus software settings away from individual users, meaning access to certain websites can be blocked, spam can be controlled and suspicious email can be vetted before it reaches employee inboxes. A hardware firewall can help protect you and your business and let employees get on with their jobs whether working in the office or remotely.
Keep anti-virus software updated
It’s imperative that anti-malware software, which will have many of the features of a hardware firewall, is installed on every PC and mobile device. It must also be kept up to date to take account of new viruses and Trojans. The best anti-virus software will do this automatically for you – for example cloud based email service such a Google Mail or Windows Office Live provides automatic scanning of email.
If you run Windows PCs or Macs ensure that all Microsoft and Apple security patches are installed immediately when they become available.
Keep web and data operations separate
It’s highly likely your business will have a website to promote your services. If you run your website from your own server, ensure you keep this separate from data servers. This will make it much harder for web-based attacks to succeed in stealing your data or attacking the network. An alternative is to use a web hosting company for your site.
Appoint or hire a security expert
As a start-up or small business you may not have the resources to appoint a full time IT Security officer. One option is to partner with a trusted internet security software provider that offers free and local technical support. This comes as a huge benefit and often at a low cost, particularly when attempting to roll out new technology or even if you’re updating existing security systems and policies.
Another option is to hire a Managed Security Services Provider (MSSP). These are outsourced companies that will handle all your IT security needs including web and email security on a contract basis. Many provide services specially tailored to small businesses. When using an MSSP it is imperative that both parties are fully agreed on the Service Level Agreement (SLA) and that the provider meets it.