Last week we spoke of why small business owners should be concerned about information security.
Just take a look at these statistics from a recent Symantec (refer resources) survey of security issues affecting companies around the globe during 2012:
• On average, Australian and US companies had data breaches that resulted in the greatest number of exposed or compromised records
• German companies were most likely to experience a malicious or criminal attack, followed by Australian and Japanese companies.
• At an average of 34,249, Australian companies have the highest number of breached records.
The risk and the damage that can be done:
Although strategies and technologies will vary between businesses, relative to their size, small businesses can take a big knock if they’re lax about internet and cyber security. A website being hacked or confidential information being stolen or corrupted can wind up costing many thousands of dollars you almost certainly haven’t budgeted for.
The impact on your reputation and customer relationships is at stake, and breaches can land you with a law suit. It could cost you the loss of your business and more.
Types of breaches:
Breaches to security can occur in one of three ways: technical, physical and personnel.
Technical breaches include things like system failures, website or server hacking and security issues. The physical relates to physical access to the equipment used; the PC, laptop or even server equipment, and personnel refers to those who work with or for you.
To ensure maximum security and reduce the risk of breaches and access to private information, here are our top tips for minimising your exposure to risk in each of the three main areas.
1. Ensure that your servers, computers and mobile devices have anti-virus, malware, firewalls and spyware correctly installed and updated to the latest version.
2. It is essential that you look into more specific technologies, such as encryption software to ensure the protection of customer information and prevent theft during transactions, utilise external payment processing company, such as PayPal.
3. Keep your technological systems up to date. Ensure that you’re running the latest operating system, your database is protected and you regularly update your system. Manufacturers regularly update the security and protection inbuilt into the system so keep updated to ensure maximum security.
Policy and Processes
1. Access to equipment needs to be restricted, not only from those who are regularly in the area in which you work; whether this is from home or a small office, but also from external visitors.
2. Keep your equipment hidden from view and ensure you have strict policy around screen locks and passwords. Changing passwords regularly and ensuring passwords differ between equipment, accounts and other system access will help improve security.
3. Where possible, set your system up so that strong passwords are enforced, not just suggested, and force password changes for yourself and others on a regular basis.
1. It’s essential that only the people who genuinely need access get that access. Limit it to as few people as possible.
2. Develop a systems usage and security policy, communicate it to everyone in your organisation and be seen to enforce it.
3. Personnel also need to be kept informed and up to date on security issues, new viruses and scams doing the rounds. Include this information in your policies and processes and regularly check to ensure your personnel are following all the updated security procedures.
Remember, no system, strategy or process is 100% secure. The best you can do is keep everything updated, layer your security measures and ensure your policies and processes are followed to reduce the risk of information security threats.