As a small business, have you finalised your priorities for the year ahead? A new year is often the time that small-business owners can spare a few hours to map out plans for the year ahead. With more and more focus on digital transformation, those plans should include an effective security strategy.
From ransomware and phishing attacks to viruses and rogue staff, a small business faces many potential threats to its IT infrastructure. Keeping servers, applications, data stores, and user devices secure must be a top priority.
Here are my five top tips for achieving, and maintaining, effective IT security in 2018.
It’s important to protect all your data; however, some categories need more protection than others. Losing access to a core customer-records database could quickly bring a business to its knees, while having archived expense reports accidentally deleted might only be an inconvenience.
Begin by evaluating the different data stores and determine which would have the biggest impact on operations if they were lost or stolen. Once you’ve identified the top data stores, focus your attention on ensuring that data remains protected and accessible at all times.
Also consider the security of data held in the cloud. In these cases, it can be tempting to think IT security becomes the responsibility of the cloud provider, but that’s not the case. Carefully check what security measures are in place and whether they provide an appropriate level of protection.
Different businesses require different types and levels of IT security. Consider working with an external technology partner to assess your requirements and select the most appropriate tools.
These could include perimeter protection such as firewalls, anti-malware tools for user devices, and encryption tools to protect data while in transit.
With an increasing amount of business being conducted using mobile devices, it’s important not to overlook their security. At the very least, antivirus software should be installed on all mobile phones and tablets.
Consideration should also be given to using a virtual private network (VPN) so staff can access centrally held applications and data stores in a secure manner even when connecting via public networks. It’s also worth pre-configuring devices with remote data wiping capabilities so their contents can be deleted should they become lost or stolen.
No data is truly secure unless it exists in more than one place, so follow processes that ensure core data stores are regularly backed up to a different physical location.
All too often SMEs find that an incident that wipes out or disables a central data store also has an impact on the backup copy because it was held in the same office. Consider taking advantage of automatic off-site backup services that can provide ongoing protection and peace of mind.
Even if an SME has comprehensive security protection in place, the weakest link will always remain the user. By simply opening an email attachment containing malware or visiting a compromised website, a staff member can inadvertently infect or disable the business’s entire IT infrastructure.
User education is the key. Conduct regular sessions for all staff that explain the security risks that exist and the most appropriate ways to deal with them. Topics to cover could include how to deal with email attachments, the dangers of foreign USB drives, and what to do in the case of a suspected infection. Taking the time early in the year to ensure all staff are aware of their responsibilities will help to significantly reduce incidents in the coming months.
These tips will help SMEs ensure their security measures are in place and providing the level of protection required to avoid disruption and losses as a result of cyberattacks. In this way, the benefits of technology can be enjoyed while associated risks are minimised.
Jim Cook, ANZ Regional Director, Malwarebytes