“Small businesses are equally as vulnerable as large enterprises when it comes to data security,” warns King of Servers’ managing director Albie Attias. But what is it about small businesses that puts them at such a risk? Albie explains below.
[easy-tweet tweet=”Small businesses are equally as vulnerable as large enterprises when it comes to data #security”]
Providing adequate security on a tight budget
Small businesses often have limited budgets for expenses such as IT because it is hard for some business owners to visualise the financial return from their investment in this area. With EU law introducing fines for businesses that do not adequately protect their data however, it is becoming clear that bosses need to see the importance of investing in security.
Albie Attias says: “For some small businesses, investing more heavily into security will mean cutting back IT expenditure in other areas. This puts a lot of pressure on the IT department, which, in smaller companies, may only consist of one or two people. Finding that budget is incredibly important for businesses however, as leaking data can incur fines, on top of a bad reputation.”
Reducing the risk of human error
Human error is one of the main contributing factors in data leaks, yet many small businesses offer little or no staff training regarding best practices when it comes to keeping data safe.
Albie Attias explains why he believes this to be the case: “Small business owners may not feel they have adequate knowledge to personally deliver a training session on IT security, and hiring an external professional can be expensive.”
Staff training does not have to break the bank however, as Albie suggests ways in which small businesses can do so on a shoestring budget: “If the business has an in-house IT department or person, they can help to create a handbook of rules or deliver a simple one-hour training session on best practices for employees to follow. If your IT department’s resources are already stretched, there are many resources online that advise staff members on common habits that can put data at risk. Simply run this by your IT department to confirm it is accurate and send round to your staff, explaining its importance.”
Executing regular security audits
“Security audits are underrated,” says Albie. Why? Well, security audits are integral to helping businesses establish security vulnerabilities and reduce threats. Without carrying out regular audits, businesses risk leaving gaping holes in their security and implementing an ineffective strategy. However, in small businesses, they are often overlooked or put on the back burner as they can be time and resource-consuming.
Albie explains why they are in fact worth the resource and effort: “It is often the IT manager’s responsibility to protect small businesses from security threats, yet if they are not given the time, means and assistance to carry out an effective audit, they will struggle to use their budget effectively. This can lead to wasted expenditure as they implement a security strategy based on gut feeling and guesswork rather than issues highlighted through a controlled procedure.”
As part of the King of Servers security awareness series, which is taking place on their website, we have written a guide for small businesses, on how to successfully conduct a security audit. This is worth referring to when you are ready to start conducting regular audits.
Accepting that cyber criminals don’t just target large businesses
Because the media only really reports on data leaks from big household names (ahem, Sony), small business owners make seek solace in the common misconception that it won’t happen to them. This is not the case, as smaller businesses often make easy pickings for hackers.
Albie points out that not all data leaks are visible: “Just because a small business hasn’t physically ‘seen’ that they have lost data, they may be inclined to think theirs is safe. This is not the case, credit card data for instance, could be getting leaked over a long period of time before a small business picks up on it.” This brings us back to why staff education and security audits are so important – the first aspect of improving your business’s security, is to accept that it is at risk.
[easy-tweet tweet=”Data protection is important for small businesses and there are still low-cost means of improving IT #security”]
Data protection is incredibly important for small businesses, and although limited budget often creates barriers, there are still low-cost means of improving IT security. As more operations move online, bosses need to consider how they are storing their data to avoid leaking personal information.