Small and medium-sized enterprises (SMEs) are as exposed as any organisation to threats to their computer systems, whether the threats are software-based – such as viruses, worms, malware and spyware in downloads or even on websites – or come from direct human intervention through hacking.
Smaller SMEs, however, may be more exposed than the biggest because they don’t always have the investment or skills necessary to bring their IT security up to a level that is among the best. Here are some important measures that SMEs should undertake, along with guidance on how enterprise-level security can be made affordable.
Check your equipment’s physical security
The security of the property that an SME's computer system is housed in is a basic check. Is the building or room secured with smoke and burglar alarms? Can people walk in and out without being checked?
Get the right security software
Another basic is the software needed to safeguard not only data and information, including passwords etc but also the computers themselves. Malware can make computers run very slowly; viruses can render them unusable.
Off-the-shelf security products, or their free versions, can be very useful but enterprise-grade equivalents, which also make life more difficult for hackers and automated hacking programs, are a step up.
Another improvement from the basics is high end online filtering, which protects staff, data and information from malicious websites. Even innocuous-looking websites can contain threats that need to be neutralised. A trusted website might have been compromised by malware, which is ready to infect any computer that accesses it over the internet. Again, the best antidotes are, typically, enterprise-grade offerings.
Ensure robust user authentication
Enhanced security can also come about through a process called dual factor authentication (2FA), which identifies individuals through a combination of user name, password and information known only to them. As for firewalls: the best come at an enterprise level price, but – as with all aspects of security – SMEs absolutely needn’t be left out.
Consider moving data to the cloud
The cloud is a great leveller, bringing prices down to affordable levels. It has achieved that by allowing users of cloud computing to share all costs, including those of the physical security of the data centre, where the data and information is kept.
Using a cloud services provider that is ISO 27001 accredited will ensure that all processes during and after the move to cloud computing are compliant with it. ISO 27001 guarantees that standards are adhered to – and should help reduce costs further.
By Joseph Blass, CEO, WorkPlaceLive