The technology landscape in smaller organisations and the resources available to tackle Internet malware (malicious software) are likely to be radically different from larger enterprises, but a security breach is far more likely to have a devastating effect on the revenues, or even the survival of start-up or small business.
“Small businesses can suffer hours of downtime per year for every computer used in their company, while the last two years have seen identity and information theft become the top security concern for the majority of business owners,” explains Simon Campbell-Young, CEO of specialist security distributor, Phoenix Software. “When thinking about online security for your organisation, consider the age-old medical adage ‘prevention is better than cure’.”
He explains that the essential steps to protecting any business can be broken down into three categories: Policy, technology and process. “Decide whether computers, laptops and software are to be supplied by your company, or by your staff – and reflect these decisions in your policies, purchasing and processes. Document a simple acceptable-use policy for any computer that is used for company business or media that is used to store or transport company data.”
While policies are a vital first step, technology and process are equally important. Ensuring that all operating systems and application software are updated with the latest security patches as they are developed – preferably using automatic update technology – is vital. All business owners should ensure that all computers have an up-to-date security software suite on them, and every computer should have its own firewall software, in addition to any premises-based network firewall they may be running.
Campbell-Young adds that any business that is managing its own file storage and e-mail servers must ensure that these are also running up-to-date security software. In addition, it is vital to create an acceptable password-strength policy and ensure that all computers and other IT equipment are password protected.
The third pillar of comprehensive protection is process, starting with taking security breaches seriously. “Isolate any compromised systems from the network and involve an IT security professional if necessary to ensure the malware is fully removed,” he says. “A standard requirement should be that all security incidents are promptly reported and managed.”
All staff should receive basic online security training and instruction in the company’s policies, and that regular backups are taken of all company files, data, e-mail and other systems. “Change all passwords regularly, especially when an employee or contractor leaves the company, and in particular change administrator passwords or shared passwords to centralised networks or systems,” he adds.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.