5 things all SMBs should implement to improve data security
We work in a digital world empowered by the Internet, which provides all businesses with unrestricted potential for growth. Despite the many benefits that working online delivers, sadly it also makes all organisations a target for cyber-attacks.
With cash flow, staff and other business-critical issues to deal with, it’s understandable that cyber security can sometimes feel like a distant threat. However unimportant the topic may initially sound, cyber-attacks are growing at an exponential rate, and what was previously an annoyance now presents a serious threat to all organisations, including SMBs.
According to the UK government’s 2015 Information Breach Survey, 74 per cent of small businesses had encountered a security breach during 2014 (up 60% on the previous year), with the worst breaches exceeding costs of £75,000.
Unfortunately the damage often doesn’t stop there. The more critical threats we have seen in the industry over the past year, such as the introduction of Cryptolocker and other ransomware, are known to have caused an abundance of downtime, in some cases grinding business operations to a complete halt. As if this isn’t enough, there is of course the damage to business reputation… who wants to be the person to make the call to your most valued customer to say “Sorry, your information on our system has been compromised” anyway?
The common lack of understanding around cyber threats and the crippling effects they carry leaves many SMBs vulnerable to losing data and suffering the knock-on effects such as losing customers and a damaged reputation.
Despite this, 24% of small businesses think that cyber security is too expensive to implement and 22% admit that they simply don’t know where to start…
Data Security does not need to be complicated.
A simple approach can deliver significant improvements and you may be surprised that you don’t have to invest a lot of time, money or resources!
Here are my Top 5 tips to improve data security for SMBs!
1. Audit access permissions of Internal Systems, lock them down!
It should come as no surprise that one of the biggest threats to your business is your staff. Whether it’s human error or a disgruntled employee, the security of your sensitive business data can be compromised by your in-house team.
Whilst it is not practical to implement security measures that impede your staff in carrying out their day-to-day duties, it is critical that at a senior management level you understand the different levels of access to data across your business.
For those interested in pursuing this option, the first step should be to engage with your IT department or IT provider to request a complete audit of permissions across all file shares, folders and mailboxes and remote access to systems. Once a report has been compiled, you can then begin to review the system access and make changes to individuals or teams where appropriate.
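One way to work through the review step described above, as an added example that is not part of the original article. The CSV layout, the sample rows, the staff list and the function name are all assumptions, so adapt them to whatever report your IT department or provider produces.

```python
import csv
import io

# Constructed sample report. The column layout (resource, principal, type,
# rights) is an assumption, not the output format of any particular tool.
SAMPLE_REPORT = """resource,principal,type,rights
Finance share,Finance Team,group,Modify
Finance share,Everyone,group,Read
HR share,Domain Users,group,Modify
HR share,j.smith,user,FullControl
Accounts mailbox,a.jones,user,FullAccess
VPN remote access,t.brown,user,Connect
"""

# Groups that cover most or all accounts, so any grant to them is wide open.
BROAD_GROUPS = {"everyone", "authenticated users", "domain users"}
# Rights that allow data to be changed or deleted, not just read.
CHANGE_RIGHTS = {"modify", "write", "fullcontrol", "fullaccess"}


def review_permissions(report_text, current_staff):
    """Return (resource, principal, reason) for each entry worth questioning."""
    staff = {name.lower() for name in current_staff}
    findings = []
    for row in csv.DictReader(io.StringIO(report_text)):
        resource = row["resource"].strip()
        principal = row["principal"].strip()
        kind = row["type"].strip().lower()
        rights = row["rights"].strip().lower()
        if kind == "group" and principal.lower() in BROAD_GROUPS:
            verb = "change" if rights in CHANGE_RIGHTS else "read"
            findings.append((resource, principal, f"broad group can {verb} data"))
        elif kind == "user" and principal.lower() not in staff:
            findings.append((resource, principal, "account not in current staff list"))
        elif kind == "user" and rights == "fullcontrol":
            findings.append((resource, principal, "full control held by an individual"))
    return findings


if __name__ == "__main__":
    # Hypothetical staff list; t.brown has left the business.
    for finding in review_permissions(SAMPLE_REPORT, ["j.smith", "a.jones"]):
        print(" | ".join(finding))
```

Each finding is a prompt for a management decision rather than an automatic removal: the point is to confirm that every flagged grant is still needed.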
2. Keep sensitive passwords secure
Weak passwords create an open gateway to your network for hackers, both internal and external. Whilst it is important that you encourage your workforce to set complex passwords on their accounts (my personal recommendation being 6–12 characters, a combination of upper and lowercase letters, at least one number and a symbol), it is even more important that administrator passwords for servers, software packages and other systems are kept random, stored securely and not shared.
Remembering secure passwords can be a headache. I’ve lost count of the number of times I have gone through the “Forgot Password” process.
My utility of choice for managing passwords is a system called KeePass. KeePass is a free password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. The databases are encrypted using the best and most secure encryption algorithms. KeePass can also be used to generate random passwords, ideal for your administrator accounts. Check it out!
3. Invest in a Comprehensive Anti-Virus Program
Anti-virus is an area which is often neglected by SMBs. Mainly in an attempt to save money, many businesses run their operations from workstations which are ‘covered’ by a FREE solution or, even worse, no solution at all.
Neither scenario provides a comprehensive level of protection to keep hackers from accessing your system.
The market is congested with AV products, all claiming to offer ‘the complete solution for your business’, often making it difficult to decipher which one is the right balance between protection and price.
Engaging with a provider who can offer an Anti Virus solution as a managed service can deliver real benefits. As well as being cost effective, a managed solution will centrally monitor your protection to ensure your systems have the most up-to-date defences available, removing the administrative headache.
4. Download the latest software updates
They may appear inconvenient at times, but don’t ignore those prompts reminding you to download software updates. Although from an end user’s point of view it may seem that these updates don’t make a difference, they contain vital security patches and upgrades which help protect your systems from viruses and hackers.
5. Implement a Next Generation Firewall
Too little security can be worse than no security at all. Any organisation that simply implements any low level firewall and then forgets about it has a false sense of security that can lead to unexpected attacks.
Hackers have become creative in the way they transmit their malicious programs. No longer are these obvious, relying on poorly educated IT users in order to run and execute; many are embedded in what first appear to be legitimate business documents, opened unknowingly by your staff.
Although user education always contributes to minimising the risk, it can never offer a complete remedy to the problem. Implementing a comprehensive firewall appliance to inspect traffic coming in and out of your network is by far the most effective solution.
Dell SonicWALL delivers state-of-the-art, enterprise-class security at an SMB price. The Dell SonicWALL Next Generation Firewall (NGFW) incorporates everything a traditional firewall does, with advanced capabilities to enable businesses to confidently say “yes” to the applications they need. Dell SonicWALL solutions provide comprehensive security features such as intrusion prevention, URL filtering and remote access.
Thank you for reading! Think this article might be relevant to one of your connections? Share it with them!