For many small business owners, creating an IT security plan is a reactive move put in place after an attack. But doing a little work ahead of an attack and establishing a viable plan can actually save a small business time and money.
A security breach could ultimately spell the end of a small business. If bank account information falls into the wrong hands or data is breached, a business could lose potential revenue and sales and tarnish relationships with customers and partners who expected their data to be safe.
“Compromises no longer come from hackers,” said Bob Gaines, security and compliance manager at All Covered, an information technology services company. “It comes from virus outbreaks and disgruntled employees.” Employees surfing the Internet unsafely can also result in a breach in the network.
While many small business owners will install a firewall and antivirus protection on their computer system, Gaines said that’s not enough. Owners should analyze how their business operates and create a plan that caters to its security needs.
“They need to take a holistic approach to security,” said Gaines. He advised that all company computers be protected and that employees understand how the systems work and how to use them appropriately.
If small business owners don’t want employees surfing Facebook or posting on Twitter, Gaines said they should block the sites as well as put the policy in writing. “A company needs to sit down and figure out how they want to protect the system and how to communicate to users what kinds of controls are in place,” said Gaines.
According to Gaines, security policies need to be refreshed regularly and the end users need to be educated about the policies at least once a year.
To reinforce policies, small businesses can create a screen that appears every time an employee logs onto the system and reads something like “By logging on, you agree to abide by all the rules and procedures,” followed by a summary of those rules. Having this reminder can also protect an employer looking to fire a worker who continuously ignores policies.
It’s also important that small business owners make sure their computers and employees have strong passwords. So what constitutes a strong password? According to Gaines, it should be seven characters or more, be a combination of symbols and numbers and include a capital letter. “Each level of complexity added makes it harder to crack.”
While firewalls and anti-virus software are a necessity, Gaines said it’s also important to back up data regularly and to encrypt data that the business wouldn’t want to fall into the wrong hands. Data can be encrypted in such a way that only a few employees can have access to it. Small business owners who have mobile users need to make sure the data on the smartphones and laptops is encrypted. In the case of a smartphone, Gaines said to make sure the phones have an app installed that can remotely wipe the data off the phone.
While creating a comprehensive IT security plan may be daunting, Gaines said it doesn’t cost a lot of money. After all, the heavy lifting is figuring out what the business needs and putting it in writing. Gaines said that many operating systems, including Microsoft’s, have a lot of protection built in.
“The only time they spend money is on encryption and the firewall,” said Gaines. “It’s not expensive considering the cost of a security breach could cost tens of thousands of dollars and a loss of trust from your clients and partners.”