12/03/11
By Ross Walker, UK & Ireland Director of Small Business at Symantec
A decade ago, social networking sites were just beginning to surface, a smartphone was rarely used, and fax machines were still considered vital in a workplace. Today, it’s a very different picture: almost all employees have at least one mobile device, workers are always online, and corporate information is being shared alongside personal information on social networks such as Twitter and Facebook.
Consumer technology now plays a starring role in the daily lives of small businesses. Companies are learning that social networking sites can provide a genuine competitive edge, both by finding and forging deeper ties with customers and by empowering employees. However, the increasing use of social networking sites makes these businesses a prime target for cybercriminals intent on stealing identities, spreading viruses, or conducting other harmful activity.
According to a Symantec SMB Security and Storage survey, more than one out of three businesses still don’t have basic antivirus software protecting them from online threats. An increasingly mobile workforce accessing and sharing company information from home and on the road leaves companies even more vulnerable to the risk of data loss. As a result, critical and confidential information is slipping through the cracks into unprotected territory, resulting in loss of sensitive information related to the business and its customers. Not only do these incidences cause data breaches, but they also result in hours of downtime while companies try to get systems up and running again.
So how can small businesses stay connected and embrace the adoption of new technology amongst employees while properly ensuring business information is protected and secure? Where do businesses draw the line on the use of social networking sites and instant messaging in the workplace? Here are few essential things small businesses can do right now to protect information while embracing today’s connected world.
1. Understanding Information Exposure
One of the biggest challenges small businesses face today is balancing the need for information to be readily available at all times with the need for it to be properly protected. Evaluating the potential for risk is essential to maintaining that balance. Speaking generally, businesses can ask themselves fundamental questions such as: Where is my confidential data? How is it being used? And, how do I prevent data loss?
2. Refreshing Internet Policies
Small businesses have dealt with threat issues raised by employee use of the Internet for many years, and the rise of social networking sites adds an extra layer to this challenge. There is no one right answer for how companies should proceed. However, the heightened risks surrounding online social networking pose an opportunity for businesses to refresh IT protocols to ensure employees are making proper use of the Internet. This includes:
•determining the new technology and websites employees are using and how they are being used in the work setting;
•educating employees about the implications of social networking sites from a professional and personal point of view;
•offering training to raise employee awareness of IT security and identity theft issues, including discussions about the current risks the Internet may pose and the consequences of being a victim; and
•building a clear and comprehensive ‘Acceptable Online Usage Policy’ in place, so employees know such things as what websites/applications are acceptable to use at work; having strong passwords in place on all devices and confidential websites; and, warning them not to open suspicious attachments and links in unexpected email. Make sure employees are aware of these policies. Ensure they are regularly reviewed, updated and enforced with an appropriate technical solution.
3. Managing Mobile Devices
Businesses that have mobile devices available to employees should establish best practices specific to these devices to ensure information is secure. Employees and consumers should feel safe in accessing confidential information without worrying it will end up in the wrong hands. Ensure all mobile devices are password protected. Encourage employees to be vigilant about personal security by not leaving handheld devices laying around. Make sure employees use only secure wireless connections when accessing corporate network remotely. These simple steps should be added to the ‘Acceptable Online Usage Policy.’
4. Making the Right IT Investments
Small businesses should ensure they are purchasing a solution specific to the business, and one that meets its needs and budget constraints. Businesses should look for an all in one suite that is easy to use and protects against malicious software, spam, data loss and downtime. This solution should have end-to-end protection, ensuring it is sophisticated enough to defeat known threats and unknown threats no matter the device (i.e. laptops, desktops, mobile devices, and servers; in email; over the network; and in storage devices). The solution must also have effective and accurate antispam protection that automatically detects spam without requiring manual adjustment of filtering rules or monitoring of false positives. Finally, the solution should have rapid, reliable backup and recovery technology, enabling small businesses to easily restore data and protect against new threats.
5. Engaging with a Trusted Advisor
With limited time, budget, and employees, businesses should look to a solution provider to help create plans, implement automated protection solutions, and monitor for trends and threats. A trusted advisor can also educate employees on retrieving information from backups when needed, and suggest off-site storage facilities for protecting critical data
Safeguarding information in the new era of social networking should be a high-priority for small businesses. This means making sure the right policies are in place, augmenting these policies with an antivirus software that has advanced threat protection, and ensuring information is properly backed up in case of an emergency.
