12/03/11

By Ross Walker, director of small business and distribution, Symantec UK & Ireland

With recent threats like Wikileaks and various attacks targeted at stealing banking credentials, small businesses need to look at their data privacy practices and consider what they need to do to keep their customers’ personal and financial information safe.

So much valuable business information resides on computers, so it wasn’t surprising to see that our Symantec 2010 SMB Information Protection Survey found that almost three-quarters of small businesses are somewhat/extremely concerned about the loss of crucial business information. This concern is based on experience — 42 percent have actually lost confidential or proprietary electronic information in the past.

Here are some tips to ensure that your business is not part of the 42 percent that has compromised the privacy of its customer and business information:

1. Know what you need to protect: Today, small businesses’ critical information lives beyond the walls of the office on laptops and mobile devices. Look at where their information is being stored and protect those areas accordingly. To ensure the business is protected, focus on protecting your confidential information wherever it resides, as opposed to protecting the device.

2. Enforce strong security policies: It is important to enforce password management for managers and employees. Maintaining strong passwords will help you protect the data stored on a laptop if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days.

3. Encrypt Your Information: Encryption technology should also be implemented on desktops, laptops, and removable media. With encryption, your confidential information is protected from unauthorised access, providing strong security for intellectual property, customer and partner data.

4. Keep it clean. One of the most important yet simple steps to protect your important information is implementing comprehensive endpoint protection on your company systems. Businesses must always keep the program up to date and take action to remove threats caught by the program –ensuring that nothing malicious is passed through the business to customers. Incidents where harmful content is exchanged will surely reduce trust in an organisation and give customers cause to find a new merchant.