Is Your Data Secure? Small to Medium Sized Businesses Are at Higher Risk than Ever!
According the Small Business Administration, as larger companies are becoming more vigilant about IT security, smaller and medium-sized businesses have become frequent targets for hackers.
What’s at Risk?
Most businesses have a variety of sensitive data stored on their servers. Everything from partners and employee’s personal information to confidential client information, as well as financial and other private data about your company’s performance. You probably have some trade secrets stored as well.
Taking First Steps to Protect Your Data
Start by limiting access to existing data – particularly confidential data – to those who need it. You can’t assume anyone knows what business information or data is sensitive and needs secure protection.
Identify what data and information need to be protected and from whom. Who requires continual access? Is there anyone who would benefit from limited or periodic access?
Understanding the Threats
Understanding the threats to IT security for small and medium sized businesses can help you know where threats may occur. Threats to your system security can be internal or external, and although it’s less common, caused by natural disaster.
Most failures are of human origin, and you might be surprised to learn 80% are internal, whether intentional or not.
Internal threats to your system include:
- Tampering with your website
- Malicious code and viruses
- Compromising web pages, including invisible code
- Theft of files
- Theft of laptops and computers
- Interception of email or Internet transactions
- Phishing tricks that deceive people into giving personal information
- Locking your computer(s) or site and/or crashing your system
- Stealing bandwidth and slowing or stopping performance
External threats are usually limited to:
- Vandals
- Activists with agendas, either personal or political
- Cybercriminals who want to make money from your data
- Information warriors working for nation states
Don’t make the mistake of thinking hackers have no reason to come after you. Remember, some of the damage is purely malicious. We’ve seen businesses get hacked for no apparent reason, and the headache and expense caused by even a small hack can be disruptive, even devastating.
In fact, while thinking through your specific needs, it’s important to bear in mind that the cost of NOT protecting your data is likely to be much higher than establishing security.
Understanding Your Vulnerabilities
IT security threats that impact small or medium sized businesses start with understanding your vulnerabilities. Simple vulnerabilities include computer hardware and/or software that’s outdated and/or not properly secured, and one of the most common problems is a lack of a security policy. And, for companies with security policies, keeping them up-to-date and enforced.
It’s important to establish protocols and make certain they’re being followed. Establishing and enforcing policies might seem cumbersome, but believe me, it’s nothing compared with all the work you’ll have to do if your system is compromised.
When we complete Strategic Planning for clients, they often tell us how relieved they are. Their lack of security was nagging at them, but they just weren’t sure what they needed to do, or who to trust, so they put off finding a solution until ‘some day’ in the future.
If you get hacked before ‘some day’ arrives, you can find yourself in a world of hurt. Compare it to having a major car wreck and realizing you hadn’t renewed your insurance and then having your identity stolen while you were in the hospital. It’s that serious.
Strengthening Your Security – Best Practices Basics
The simplest solution for IT security in small and medium sized businesses is to train employees in basic security protocols and offer rewards for following them.
Best Practices for the Internet – Don’t:
- Surf the web with an admin account
- Download software from unknown pages
- Download files from unknown sources
- Respond to popups about renewing drivers or other software
- Allow websites to install software
Best Practice for Email – Don’t:
- Open attachments from people or companies you don’t know
- Reply to senders you don’t know
- Click on links from senders you don’t know
Best Practices for Desktop:
- Establish a separate account for each user
- Don’t share passwords
- Use screen locking
- Power down at the end of every day
- Don’t plug ‘lost’ and possibly infected USB drives into systems
Start with simple protocols and develop a Strategic Plan. If you are a small or medium sized business and need IT security. We offer a complimentary Strategic Assessment. Call us at 303-383-1627 x1