By Ross Walker, director of small business and distribution, Symantec UK & Ireland
While 65 percent of small businesses surveyed believe that Internet security is critical to their business, only 28 percent have formal Internet security policies. As organizations combat an increasingly sophisticated threat landscape and feel potential impacts to IT staffing reductions due to the economic environment, employees remain the strongest defense in protecting an organization’s information. Small businesses can significantly reduce their vulnerability by following these simple steps to create an informed security environment and protect their critical information from exploitation, cyber attacks, unauthorized access and fraud.
1.Educate your employees: Only 38 percent of small businesses provide training to their employees about Internet safety and security. Your employees are vital to your company’s security posture, so empower them to keep your information and systems safe! A security awareness program with training and guidelines to enable employees to carefully consider the security implications of their online behavior. Require your employees use passwords that mix letters and numbers (not names or dictionary words) and change them often. Educate employees not to use file sharing programs or download free programs from the Internet.
2.Combine policies and technologies: More than 33 percent of small businesses do not have the most basic protection of all–antivirus. As the number and sophistication of Web-based viruses and malicious code continues to rise, small business need to be secured with more than just traditional antivirus technology as they are susceptible to the same type of attacks as large businesses. Polices and education need to be coupled with an integrated solution to protect information wherever it is accessed–from servers to desktops and laptops. Install an integrated security suite solution that will prevent virus infection, block intruders, protect privacy, and stop malicious programs. This will be simpler to install and manage and will keep you completely protected.
3.Protect Your Mobile Workforce: More than 66 percent of employees take computers or PDAs containing sensitive information off-site. 62 percent of the companies surveyed have a wireless network but 25 percent of them do not password protect their wireless networks. All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorized entry and malicious activity. Create and enforce policies that identify and restrict applications that can access your network and ensure employees follow best practices when they work remotely.
4.Backup Valuable Data: Small businesses are handling valuable data: 65 percent store customer data, 43 percent store financial record and reports, and 33 percent store credit card information and a 20 percent have intellectual property and other sensitive corporate property. It is critical to back up important data regularly and store extra copies of this data off site. Train your staff to perform basic back-up tasks unsupervised. Backup systems as well as applications and files at least daily, and test the backup and recovery process periodically to be sure it works.
5.Stay informed and update often: Only 53 percent of small businesses have someone check company’s computers to ensure that their operating systems and security software are up-to-date. Stay aware of the security threats you face by reviewing reports published by industry experts. Keep antivirus software up-to-date by downloading virus definitions as soon as they are available and regularly apply updates and patches.
The growing complexity of information security threats puts proprietary information assets at risk on a daily basis. Awareness of the risks and available safeguards is the first line of defense for the security of information systems and networks. Technology alone cannot secure an organization; an organization’s workforce must understand information security issues and behave in a manner that minimizes risks.