Make Smarter Decisions About Your Business’s Security And How You Manage Users
It takes a lot of hard, but rewarding, work for SMBs to achieve success. However, SMBs are frequent targets of cyber attacks, which are becoming more sophisticated, and it’s not enough to just install the latest anti-virus software or set up a firewall and call it a day.
When vital business information and systems are accessible via the internet, it’s critical for SMBs to have a comprehensive security plan. But as anyone who owns or has worked at an SMB knows, resources are limited.
1. Identify Assets
The first step in selecting tools, building good policies, and creating processes for security is to fully understand your company assets. This sounds simple, and it can be, but it needs to be an honest examination of your entire business, ensuring that no rock is left unturned.
There are things you may not consider to be assets, yet are valuable to potential thieves, and there are the obvious things, such as intellectual property, customer lists, bank account info, etc. Other, potentially softer targets (like email address lists, passwords to various devices, etc.) can be enticing to hackers as well.
2. Gauge Risk
You need to ask yourself: where does your data sit, and who and what has access to it? How do employees interact with it? Are they using PCs and mobile devices? What are your physical assets and what protects them? Is there a network component to your physical security? Do you use a password for everything, or just some things?
These are just a few of the questions you need to ask yourself or hire someone to come ask for you. The good news is that most of security involves just plain old common sense, so put your thinking cap on and look at everything from data, mobile devices, customer info, physical security, and all points in between.
3. Identify Tools and Services to Protect Assets
When it comes to identifying tools, rather than just throwing up a bunch of links to companies, it helps to look at this from a financial point of view.
All SMBs should consider using cloud resources whenever possible for security. Even if you don’t want to fully commit to the cloud, you can still get added protection by a combination of on-site equipment with off-site support.
The term “cloud” can mean multiple things, and not all clouds are equal. SMBs should take advantage of the economies of scale that are offered by certain vendors that are either selling security services or are providing other storage or computational services that are highly secure.
What companies and organizations should be looking for are vendors who understand security and are able to back that knowledge up in their contracts (and yes, you should read the fine print). You will also need to have a basic understanding of what makes a platform or service secure—and if you do not, it’s best to talk with a reputable security professional to help you.
Beware of companies that offer cheap cloud computing and storage solutions; a cheap price is a red flag. You don’t need to break the bank, but bargain shopping is not advised when it comes to protecting valuable information. Many of these providers use shared resources with no segregation of customers, which can cause a ripple effect in the event of a DDoS attack or if another customer is a victim of a malware attack that spreads into their servers. Look at the solution with an eye towards worst-case scenarios before signing up. You may pay a little extra upfront, but protection of your vital assets will be worth the investment in the long run.
4. Wrap Tools and Services Into Policy and Process
Policy will be dictated by your assets, business, and people. Policies should be designed to work with your business, not hinder it, all while boosting security. Since you now know what your assets are, the policies and processes you roll out should be laser-focused on protecting those assets. Also, think about how you use certain tools, as that will help you further refine your policies (e.g., a mobile device usage policy that contains security measures). Some good basic policies to follow include:
- Keeping personal stuff outside of the office
- Using strong passwords for everything
- Refraining from writing those passwords where others can find them
- Teaching employees the policies and enforcing them
- Incorporating employees as part of your monitoring system
- Only using secure connections when working outside of the office
5. Educate Your Workforce
The best and most cost-effective security system you can put in place is employee education. For SMBs in particular, this should be a no-brainer, as they tend to have a smaller set of people who were hired because they have the ability to help grow the business in some way. You have invested in them and trained them to do their jobs and rely upon them to do so, but in the world of security, people are generally the weakest link in the chain.
By developing a program that not only trains your employees on good security practices but also gets them invested in the various policies, businesses can maximize security efforts without having to make a large investment. If you have employees who are empowered, engaged, knowledgeable, and security-savvy, then you are well on your way to a more secure environment. The greatest security system in the world cannot protect you if employees ignore policy and are engaging in risky behavior while on company devices.
Many SMBs tend to focus more on building their business than on protecting it, which is understandable. But by incorporating security at its inception and building security policies, tools and education into your normal workflows, you will be more successful in the long run.