So you think your small business isn’t faced with the same online threats as a larger organisation? Think again!
The technology and resources available to smaller organisations to tackle internet malware (malicious software) are likely to be radically different from larger enterprises. But a security breach is far more likely to have a devastating effect on the revenues, or even the survival of start-up or small business.
“Small businesses can suffer hours of downtime per year for every computer used in their company, while the last two years have seen identity and information theft become the top security concern for the majority of business owners,” explains Simon Campbell-Young, Phoenix Software CEO, a specialist security distributor.
“When thinking about online security for your organisation, consider the age-old medical adage ‘prevention is better than cure.’”
He believes there are three categories essential to protecting any business: policy, technology and process. “Decide whether computers, laptops and software are to be supplied by your company, or by your staff – and reflect these decisions in your policies, purchasing and processes,” he says.
Next, focus on technology and process. “Ensuring that all operating systems and application software are updated with the latest security patches as they are developed – preferably using automatic update technology – is vital,” he says.
If you are running your own file storage and email servers in need of updates too. “In addition, it is vital to create an acceptable password-strength policy and ensure that all computers and other IT equipment are password protected,” says Campbell-Young.
The third pillar of comprehensive protection is process. Take security breaches seriously. “Isolate any compromised systems from the network and involve an IT security professional if necessary to ensure the malware is fully removed. All security incidents are promptly reported and managed,” he says.
Training and information sessions on basic online security training and company policy regarding backups of all company files, data, email and other systems are vital. “Change all passwords regularly, especially when an employee or contractor leaves the company, and in particular change administrator passwords or shared passwords to centralised networks or systems,” he adds.