One of the most common mistakes made when planning IT security for small businesses is the thought that a security breach won’t happen to them. If the thought process of “I am too small for cyber criminals to bother their time with my data” ever was true, it is wishful thinking today. Small businesses fall prey to cyber-attacks all the time. In fact, studies published by Symantec show that attacks on small businesses are growing. Yet, resources are scarce, and budgets are tight. Now more than ever, it is incredibly difficult for owners to prioritize security for small businesses and their technology.
In order to help with this process, we have identified some tips that increase security for small businesses.
IT Security Tips for Small Business
Identify Your Sensitive Information
Document what information your company has that contains sensitive data. Make note of what systems, servers, and computers it is stored on. Keep this type of information on as few devices as possible, and be sure to try to segregate it from the rest of your network. The fewer copies of data you have, the easier it is for you to protect.
Encrypt Your Data
If you choose to keep your data on site, encrypt it. Many databases and applications offer data security encryption services. Use a secure encryption technique so that even if information is stolen, it cannot easily be compromised.
Install Anti-Virus Software
If you haven’t already done so, install anti-virus software on every computer used within your workplace. In addition to anti-virus, anti-malware software is also critical for the security of small businesses. These types of software are readily available online from several different vendors. Sophos has a great example of this. Set your anti-virus software to automatically check for updates. This will ensure that you are remaining secure after the initial installation.
Implement Strong Password Policies
All the security in the world wont stop a security breach from occurring if hackers get a hold of one of your employees passwords. Strong password policies are essential for the security of small businesses. Put in place a strong password policy that tells your employees how to create strong passwords, and how often they must be changed.
Implement a Removable Media Policy
USB flash drives, iPods, and other portable storage devices are pervasive and are a real threat to the security of small businesses. Restrict the use of removable media within your organization wherever possible. For instances that are required, make sure the data is encrypted. This ensures that if the drive is lost, the data is protected.
Secure your Wi-Fi Networks
Wi-Fi Security is a huge IT risk for small businesses. If your network is left exposed, it makes an easy target for a hacker trying to get into your system. Make sure that your Wi-Fi is password protected and that the network is hidden. To hide your Wi-Fi network, configure your wireless access point or router so that the network name is not broadcasted.
Provide Firewall Security for your Internet Connection
Firewalls are necessary to protecting your network traffic. Make sure that you separate your internal network from the Internet through the utilization of a strong firewall. Make sure that any employees that work from home are able to work through the firewall as well.
Use a Spam Filter on your Email Servers
Spam emails are a huge threat to security for small businesses. All it takes is one employee to accidentally respond to a email that contains a virus, and your entire system could be compromised. Make sure that you are using strong email encryption and spam filtering services to protect your organization from these threats.
Secure Websites against MITM and Malware Infections
Websites can become infected with malware just like computers can. Regularly scanning and checking websites for vulnerabilities is essential to security for small businesses. Attackers can take advantage of these vulnerabilities by injecting malicious code that could send visitors to another site. Look for a site scanner and make sure it is used.
Use a Comprehensive Endpoint Security Solution
Endpoints provide a huge target point with regards to security for small businesses. Endpoints, such as desktops, laptops, tablets, smartphones, and virtual machines store a lot of data that keeps your business running. Not to mention the implications that the Internet of things has placed on security for small businesses. Password protect all of your devices, and make sure they are stored when they are not in use. Make sure they all are running effective anti-virus and anti-malware solutions to keep them secure.
Limit Access to Critical Data
Research has shown that unmanaged administrator privileges are some of the biggest IT threats to the security of small businesses. Yet many small organizations don’t take the time to set up proper access limitations. Your employees should only have access to the information they need to effectively do their jobs. Keep the number of people with access to critical data to a minimum. People such as the CEO, CIO, and others should be the only employees with unlimited access. Formulate a clear plan to map out access. Know which employees have access to what sensitive types of data. This will increase accountability and improve the overall security for small businesses.
Maintain Security Patches
All software vendors regularly provide patches and updates to their products in order to increase the reliability and security of those systems. Outdated and unpatched systems are a huge threat to security for small businesses. It is important that patches are implemented in a timely manner, as hackers regularly target known vulnerabilities in systems. This continuous up-keep makes it difficult for some SME’s to effectively implement patch management policies. If you don’t think this is something you can easily undertake, try outsourcing this process. Patch Management services extremely enhance security for small businesses.
Educate Your Employees
Establish basic security practices and make sure all your employees know how to handle and protect vital business information. We suggest having a written cyber security policy listing the dos and don’ts of using office systems. Have employees sign an acknowledgement that they have received, read, and understand the policies in place. Let them know that there will be penalties for failing to follow the cyber security policies. If you feel like they are unsure about the expectation, consider bringing in security experts for Cyber Security Awareness Training to improve the overall understanding of the initiatives. Make sure they feel comfortable asking questions and reporting vulnerabilities.
Have a Business Continuity and Disaster Recovery Plan
Having the proper security systems in place will certainly guard against data breaches. However, technology alone doesn’t ensure security for small businesses. Put together a business continuity plan that will keep your business operable in the event of a disaster.
Make a Regular Backup of your Systems and Data
You should regularly backup the data on every computer that is used in your business. Many types of Malware, including ransomware, steal your data – making it inaccessible for employees. Having these backups ensures that your data is safe in the event of a security breach, so that your teams can continue to work. Many Cloud experts have Cloud Backup and Recovery Solutions that will handle this automatically for you, alleviating yourself of the burden of checking everyones data. For more information on what files should be backed up, read our blog “Top 8 Files to Backup”
Watch the News
Data breaches and new forms of malware are often reported on the news. If you hear of a potential threat, ask your IT security company what they are doing to protect you from it.
Maintaining security for small businesses can be an overwhelming process. This is only more overwhelming if you have to maintain compliance regulations such as HIPAA or PCI. Consider outsourcing your security needs to a qualified managed security service. That way, you know that your systems are taken care of.
IT Security is complex. But it is necessary that your security systems are Always On to protect your business’ data. That is what Orion does best. Orion’s Security experts will work with you to ensure your entire IT infrastructure is secure.