A primary role of any small to medium sized business leader is to manage costs and cut back where possible, especially in tough economic times. In doing so it is important that these efforts do not compromise the ability to secure information, minimize liabilities and ultimately make money.
Many small business managers believe they are less likely to be a target in a malicious attack because their company is small, but this is simply untrue. Hackers prey on small and medium sized businesses because they generally take fewer security precautions than their larger counterparts making them more vulnerable to these types of attacks.
Smaller businesses are generally more entrepreneurial and less emphasis is placed on rigid policy and procedure; therefore, a laid-back approach to best practices is often adopted as a result. The simplest precautions to implement are also the easiest to overlook and this is cause for trouble.
The bullet points below provide a quick and easy checklist to help reaffirm your commitment to security.
Training and education: Make sure that all employees understand the importance of the matter so that no one is a weak link in the system.
Access procedures: It may be convenient and productive for employees to log in extra hours and work on company files at home but keep in mind that anything brought in from outside is an instant threat. One infected file can contaminate an entire network. Formulate a plan to address this. Consider a company policy that forbids this practice or even disable USB ports. It is possible to disable only the flash drive portion of the USB so that they still are compatible with other functional hardware such as keyboards and mice.
Review permission: Employees should have access only to the parts of the system they need to complete their job function. It is particularly easy to overlook default settings when initiating a new user. Also, schedule this review periodically as job functions and needs change over time.
Change passwords regularly: Periodic changes to passwords are sometimes required but if not, employees are reluctant to update them. It is difficult to remember new passwords, after all a person can only have one birthday, birth city and first pet but this is an integral part of an overall strategy for information security at every level including servers, systems etc.
Research cloud computing solutions: Make sure that the vendors you partner with take security as seriously as you do. Research each vendor especially those who store or manage secure information for your company.
Install and update virus software: As much as we all know about the importance of virus protection delaying updates and not registering pre installed software are common occurrences. Don't make this mistake. A quick email reminder to all employees is a great way to keep this topic top of mind among your team.