We all hear of the disasters in the media of businesses that have either lost money or data (or both) and had to close down. It can be tough running a small business let alone keeping safe. Here are some tips to help ensure that your data stays secure and your business keeps moving along.
1. Security Policies
Every business needs to have effective security policies for its employees. Not only that, but they need to be enforced as well! Nowadays, with the plethora of devices available, the scope of such policies is positively mind-numbing however, with a little thought (and a bit of Googling) you can put together a good set of policies to cover most bases. The bare minimum needed here are the usual web and email usage (what is and what is not acceptable to view / send) but also password policies (how often they should be changed) and workstation (PC or laptop) security to cover what happens when employees leave their desks (assuming they have one). Bear in mind that most of these can be enforced if your company runs a server.
Also included in the password policy should be mobile phones and tablets (including those owned by employees), particularly those which contain company email and/or other data. There is readily available software to enforce these policies as well. In fact, if your organisation already uses Microsoft Exchange 2007 or above (including Office 365) either running on your own server on in “the cloud”, this function is already available. Use it!
2. Who has access to what?
Another important step is to have a clear idea as to who should have access to what resources, be it data, email, websites, whatever. Plenty of companies have lost valuable intellectual property through the wrong staff having too much access to too much information. Don’t forget, it’s not just fire, flood or earthquake that is a threat to your data. One of the greatest threats (if not THE greatest) comes from your own employees either through malice or incompetence.
To back this up (pun intended), you need to protect that data with a robust backup plan. This can be as simple as backing up the data store (be it a server, PC, laptop, NAS or whatever) onto USB drives and taking a different one home each day. Obviously, your own situation will decide what is best but make a plan and implement it – NOW! Work out what to backup, when to do it and where to put it and once it’s in operation, test it regularly. Sadly, very few small businesses do this and it doesn’t have to be complicated or expensive.
3. Keep out the nasties!
One step which is commonly only half implemented is an anti-virus / anti-malware strategy. Most seem to think that if they have the latest (or any) anti-virus software then they are covered. Not so! Whilst this will help, it needs to be a part of an overall protection scheme. Along with anti-virus (which sometimes included anti-malware) you need a decent protection from SPAM (hopefully already in place if you’re with a “cloud” hosted email provider) and, the most commonly forgotten, end-user training. Teach them how to spot a fake email attachment name (double extensions like .txt.exe which Windows by default will represent as .txt – a text file) or recognise a phishing link (hover the mouse pointer over the link and check the actual web address pointed to, don’t just go by the link text itself). The overriding urge to open attachments needs to be curbed unless it is something they are definitely expecting from an organisation they trust. Make sure they know basic things like banks and the IRD will NEVER ask for their logon details and if it looks too good to be true, it usually is but get a professional opinion first. Have an office culture of it being better to ask than cause a meltdown of the office computer system.
UPBEAT Business Computing provides a full range of consulting, design and implementation services to keep small business computer systems running smoothly and efficiently.
Feel free to call us toll-free on 0800 872-328 for expert advice for your small business.