If you’re running a small business, chances are there’s enough on your mind that IT security isn’t a top priority. It makes sense — with 50 per cent of SMBs failing in the first five years, it takes a combination of determination, effort and good luck to make a small business work. The problem? Ignoring IT security could land you in the wrong 50 per cent if consumer or credit data is stolen, information is destroyed or a post-incident investigation reveals you didn’t do enough to protect this data. It’s not all doom and gloom, however: Here’s a look at the top four IT security practices for SMBs.
Recognise your risk
SMBs are now attractive hacker targets. Why? Because cybercriminals know that small businesses are often sitting on critical consumer data such as names, addresses, Social Security numbers and credit card information. They’re also aware that SMB IT security — as a general rule — isn’t on par with enterprise defences, meaning attackers have a better chance of getting in, getting what they want, and getting out before they’re detected. Want proof? New research from independent research firm Ponemon Institute found that 50 per cent of SMBs experienced data breaches over the past 12 months.
Your best practice here? Design IT security with high risk in mind: You’re not a second choice or “also ran” for hackers — in many cases, you’re a top target with valuable resources. Plan for a serious, coordinated attack.
Defend your data
The next best practice to secure SMB IT? Make it standard practice to fully defend your data. Start by making sure that every piece of critical information on your network is encrypted. This starts with data in transit — sent from and received by your business — but it’s also important to protect data at rest. If hackers get their hands on anything, it should read like gibberish, not shine like gold.
As OpenDNS points out, SMBs should also take steps to regularly back up their data. This might take the form of off-site servers, cloud storage or even tape drives; just make sure you have more than one copy.
Prioritise your passwords
Where possible, hackers prefer the easy route to more complex and high-risk methods — why get caught trying to subvert antivirus programs or sophisticated defences when they can simply log in through user accounts? If you don’t think it happens, think again: As noted by recent research, top passwords from 2015 included the ever-popular “123456,” “password,” “starwars” and the oh-so-secure “letmein.”
How do you solve this problem? Start with a hard-and-fast timeframe for password changes; six months is a good rule of thumb. Make sure everyone — from owners and managers down to front-line employees — follows the same rules. For example, don’t let staff re-use the same password, opt for a minimum character length (eight or more) and prevent the use of repeated characters. Since you’re probably not an IT pro, it’s worth spending on reputable password management software to help manage user logins.
Think outside the organisation
Bottom line? You can’t do everything yourself. In the same way you outsource manufacturing, accounting software and even marketing responsibilities, it’s now possible to tap a reputable third party to handle SMB IT security. Managed service providers not only have access to substantial cloud resources — keeping your servers free for critical, as-needed data — but also a wide variety of specialised tools and solutions designed to protect key assets. In addition, the right service partner can help draft a customised IT security policy that meets the specific needs of your business. Here, the key is research and reputation: Look for a provider staffed by IT experts with substantial experience in the industry, and always opt for a partner that offers 24/7 service.
Running a small business is no easy task, but leaving IT security off the table is a surefire way to increase the chance of network compromise. Protect yourself by recognising risk, defending data, prioritising passwords and opting for outside help.