Protecting any business, large or small, start-up or established, against the latest web threats has become an incredibly complicated task.
The consequences of external attacks, internal security breaches and Internet abuse have placed Internet security high on the small business agenda – so what do you need to know about security and what are the key elements to ensure your new business is and remains safe online?
Here’s how to protect your business online:
1. Close your doors to malware
In the same way that you wouldn’t dream of leaving your back door unlocked at night, you wouldn’t invite cyber criminals into your business. But, by not securing your computers, that could be exactly what you’re doing.
Malware is malicious software designed to infiltrate or damage a PC or network without your knowledge or consent. Employ the following to shield your business from malware:
- Apply the firewall. A good Internet router will have an on-board firewall, so don’t forget to turn it on. Given the complexity of today’s malware this is not enough on its own, but it does provide a first line of defence.
- Protect the PC. The best security software will go beyond standard protection and will reside on the computer without hindering the performance of the PC, laptop or network. The best protection will encompass identity theft, risky websites and hacker attacks within a single solution.
- See it to defend it. Select a solution that helps you keep tabs on mobile users, and all your PCs and servers with a single console.
- Help mobile users. Good security will have location awareness. This capability changes the security settings on laptops automatically to the best level of protection for employees as they move inside or outside the office.
- Clean up email. Antispam reduces unwanted email and blocks risks and distractions for employees. Stop spam before it reaches your business so that you never have to process it.
2. Write your policy – small businesses and start-ups are targets
Size is really irrelevant when it comes to online crime and fraud and smaller businesses are easier targets due to limited or no in-house IT support. Teach employees and re-teach them about your security requirements.
Your policy should include, but not be limited to:
- Share turn-ons and turn-offs. Which applications can be loaded on company computers and which are prohibited?
- Require strong passwords. Refer to tip four on passwords.
- Enforce consequences. What happens if the policy is not followed? Be prepared to back up your words.
- Use it. Don’t abuse it. What is the proper usage of a company-issued computer? This includes use of the Internet.
- Educate about email. Include internal and external communications as well as what should and should not be opened or forwarded.
- Encrypt or be clear. Decide if an email encryption solution to protect your sensitive information is required and when.
- Appoint a “Go To.” Who is the person employees can ask if they have questions about the policy or computer security in general?
3. Tackle social media before it trips you up
Social media is here to stay, so empower your employees with best practices and guidelines. The following are ways to minimise risks in social networks:
- Look who’s talking. Decide who can speak on behalf of the company and only allow those employees to write about the internal and external events.
- Define what’s confidential. In your security policy, cover social media sites like Facebook, Twitter, LinkedIn and more in your non-disclosure agreement for confidential business information.
- Provide guidelines and a forum to develop them. Social media blogging and posting for the company should have guidelines about what information is okay and who can post. Guidelines need to go beyond security:
- Bloggers should identify themselves as employed/paid by your company. You’ll get backlash otherwise.
- Define the tone of the blog.
- Protect customer information and egos. Remind customers not to share personal information in a post and where to go for help with questions involving confidential information.
- Decide when support information should be released in social media.
- Get executive/owner sponsorship so guidelines can be adapted quickly with business needs in mind.
- Use resources like BlogWell (www.blogwell.com) to develop your guidelines and learn about social media.
- Be social, but be smart.
- You should only publish information that you are perfectly comfortable with being disseminated widely, depending on what you want to accomplish.
- Assume the worst to get the best results. Encourage employees to limit the amount of personal information they share online for their safety and your company’s safety.
- Add only people you trust to your contact list.
- Avoid clicking unexpected links coming from people you do not know.
4. Protect with passwords
Like it or not, passwords are the key to most small business networks, so they are important for protecting access to your networks. The more keystrokes and characters you add, the stronger your password will be.
- Start out strong. Require strong passwords with a length of at least eight characters with embedded numbers, so you can stop simple attacks that guess passwords.
- Time to change. Time out old passwords and require password changes frequently.
- Keep them safe. Educate employees about why writing down passwords, storing passwords on cell phones, or using guessable choices puts company security at risk.
- Get the combination. For the strongest passwords, don’t use words at all. Use random letters, numbers and special characters. Use secure password managers to encourage complex passwords so that people don’t have to worry about remembering them.
5. Get critical about Internet security
Select security solutions that can help you conquer the latest threats with fewer distractions for your employees:
- Stop the mad links. Don’t rely on employees to think about security or restrict where and when they can access the network or Internet. Automate updates and make security transparent for employees.
- Keep the web productive. Along with guidelines for acceptable web use, select solutions that stop unacceptable use. URL filtering can limit access to unproductive sites completely or during business hours.
6. Ask employees for help
We’ve all seen the headlines that high profile data loss cases cause, but did you know that up to 80% of all data loss is caused by human error? Employees may send out confidential or sensitive information to the wrong people or in an unsecured way.
- Comply or die. Well, maybe not die, but the implications for data loss and accidental leaks are becoming even greater with increasing regulations. So, educate employees about regulatory requirements and best practices to protect information.
- Get confidential. Let all employees know what type of information is confidential and what potential problems can arise if these kinds of documents or files get out.
7. Lead by example
If you don’t walk the walk, no one will walk with you. Whether you have a leadership position or not, people look around to see what everyone else is doing.
- Don’t be the one. It only takes one person to spread a nasty virus across the company.
- Be an advocate. If you have found a way to have better protection or hear about a new threat on the horizon, let people know. Share best practices across departments.
8. Personal devices used for work (BYOD)
The level of adoption for employees bringing their own devices (BYOD) to work in the small and medium business market is soaring – but what about the security risks?
Here are some measures you can apply to handle these BYOD concerns:
- Develop a BYOD plan for your company. A BYOD plan will provide a safety net against legal repercussions and mobile system costs. Draft a comprehensive, clear, and customisable BYOD policy that covers pertinent data deletion, location tracking, and Internet monitoring issues.
- Take advantage of mobility management solutions and technologies. Anticipate employee usage of mobile devices to mitigate probable pitfalls. Virtualisation and mobile device management solutions work well in maximising network bandwidth and controlling access for employees.
- Measure the benefits and impacts of BYOD programs. Most small businesses adopt the BYOD trend because of the increased productivity and overall competence it provides. However, not all take the time to gauge if the trend is worth the costs it accumulates. Monitor your use of BYOD to help justify its deployment and prevent future device security problems.
9. Be current
Be sure your mobile users, PCs and servers are using the best available threat intelligence. The cliché holds true; you are only as safe as your last update.
- Free the PCs. If your security solution is slowing your PCs, you are not alone. This is a common complaint with conventional security solutions. Look for solutions that make the vendor’s datacentre do the work for you by using hosted capabilities.
- Don’t rely on old antivirus. New methods of detection perform the equivalent of background checks on email senders, files, and websites to protect better and faster without slowing your PCs.
- Automate OS updates. Make it as simple as possible for your PCs to have the latest patches. The vulnerabilities in your OS are a key enabler of attacks.
- Require and check patch compliance. Give your users details about the versions of software they need and how to check which version they have. Provide links and directions on how to update to the correct version. If users see you are serious about compliance, they will be more likely to comply.
10. Choose a security partner, not just a vendor
Select a vendor who understands the unique needs of security in a small business environment.
- Choose a security vendor. Consider if your vendor is focused on security as a core business or as a part of their conglomerate.
- Check their record. Vendors with a proven track record of years of defence against multiple threats, and with experience of both small business and enterprise environments, can best support your protection.