Common security mistakes SMEs make and how to avoid them

Untitled.jpgBy Cassie Phillips

Your small business is just starting out, and one of the first investments you make is in the technology you need to make sure you get the job done. You need to be able to compete with the same level of security the large corporations have with lesser resources. The threats out there won’t go easy on your business just because it is new. If anything, you could be attacked more because your business is perceived as having weak security.

Yet you absolutely must defend yourself. Your computers, accounts, and networks contain vital business data that competitors can use to bring you down as well as vital customer data that, if released to the public, would tank your reputation beyond repair. This cannot happen and will not happen if your business takes the proper precautions.

Here are a few of the biggest mistakes small and medium enterprises make and what to do about them:

Inadequately protecting customer data

No matter what business you are in, if you have customer information, then consider it your business’ number one responsibility to keep it safe. Nothing can ruin a business more than a bad reputation and leaked customer data is pure concentrated bad reputation for your business. It is likely your business couldn’t take such a hit well.

What you should do is never share it online and ideally keep it locked away in a safe on a flash drive (or hard drive if there is a large amount of data). If this is unfeasible, then it should be given only to the most trusted employees and closely watched. It should never be even two steps away from a potential security hole such as an open profile or a sharing network. It might seem like a hassle, but it is a responsibility that must be upheld.

Not creating standard procedures

As a small or growing business, you have one major advantage and that is a much-reduced bureaucratic structure. If a policy needs changing, you can change it quickly and enforce it easily. Your company needs to start with a strong policy regarding Internet security emphasizing the importance of the security of the data under protection. Note that if data is under attack, then the business itself is under attack. Write everything down and do a review with the entire company every few months, even as part of another regular meeting.

If your company needs some suggestions for policies, then you should start with the basics. Passwords should be complex and changed every couple of months. Computers should not be left on overnight and should certainly not be left logged on and unattended. Personal devices and work business should not mix. Nonessential employees should not be added to sharing folders, and at the time of leaving the company, an employee should not have access to anything. There are certainly more to think of that are tailored more to the specific processes of your business.

Not protecting your data outside the office

If you are sending employees outside of the office to work, then they need to have a similar level of protection that employees inside the office have. Unfortunately if they are meeting clients in a public place and need to access files online, then they likely have to use a risky public network, which can result in a hacker intercepting any data sent over the network. This means potentially that client data or business secrets are at the disposal of a criminal who will not hesitate to make a profit.

You should make sure that you outfit employees with a Virtual Private Network so they can be protected out on the town. A VPN is a service that will connect your employees to an offsite secure server with an encrypted connection. This server will mask their IP address and not allow anyone to track them. The encrypted connection won’t allow any hackers to see what your employees are downloading, much less intercept it. For a more extensive guide and recommendations, you can check out several websites to find a good match for the needs of your company.

Not backing up data properly

When your business is active and successful, it generates a great deal of documents and data that can be useful for future studies. In addition, a great deal of customer data that might be well protected can be at risk should a computer failure happen. It is not a question of if a failure is going to occur but when, and your business needs to be prepared.

Some companies decide to try and cut costs by using a cloud service or an offsite storage service, but this is not the best option available in terms of security because everything is out of your direct control. Perhaps there will be a leak in the cloud or some other breach, and customers aren’t going to listen to your explanations of how it wasn’t technically your fault.

You are much better off trying to store data, especially the data for a small or growing enterprise, on large-scale physical storage. It has gotten cheaper, and based on the type of data (text and spreadsheets are easiest), you can maintain a physical backup for quite a while. You can safely store them unconnected to any network and bring them out when needed.

Try to review all of your options and pick out the policies that are the best for you. While there is no master solution, data protection is one thing you can rely on that is needed for your business.

_________

Cassie Phillips is a writer and blogger who likes to focus on technological solutions and safety for companies. She also writes frequently about consumer Internet security, travel, and business procedures.

Leave a Reply

brand building Branding corporate culture customer loyalty digital marketing Facebook hiring Innovation Media relations mentor networking office design publicity reputation management search engine optimization SEO Twitter Web design website design websites

Subscribe to keep up with the latest on how to make your small business a success.