Best practices for IT security: The SMB top four
If you’re running a small business, chances are there’s enough on your mind that IT security isn’t a top priority. It makes sense — with 50 per cent of SMBs failing in the first five years, it takes a combination of determination, effort and good luck to make a small business work. The problem? Ignoring IT security could land you in the wrong 50 per cent if consumer or credit data is stolen, information is destroyed or a post-incident investigation reveals you didn’t do enough to protect this data. It’s not all doom and gloom, however: Here’s a look at the top four IT security practices for SMBs.
Identify your risk
Hackers are now targeting SMBs. Why? Because cybercriminals know that small businesses are often have critical consumer data like names, addresses, Social Security numbers and credit card information. They’re also aware that SMB IT security — as a general rule — isn’t on par with enterprise security, meaning attackers have a better chance of getting in, getting what they want, and getting out before they’re detected. New research from independent research firm Ponemon Institute found that 50 per cent of SMBs experienced data breaches over the past 12 months. Your best practice here? Plan IT security with high risk in mind: SMBs are not a second choice for hackers — in many cases, you’re a top target with valuable resources. Plan for a serious, coordinated attack.
Protect your data
The next best practice to secure SMB IT? Make it standard practice to fully defend your data. Start by making sure that every piece of critical information on your network is encrypted. This starts with data in transit — sent from and received by your business — but it’s also important to protect data at rest. If hackers get their hands on anything, it should read like gibberish, not shine like gold. As OpenDNS points out, SMBs should also take steps to regularly back their data. This might take the form of off-site servers; cloud storage or even tape drives; just make sure you have more than one copy.
Where possible, hackers prefer the easy route to more complex and high-risk methods — why get caught trying to subvert antivirus programs or sophisticated defenses when they can simply log in through user accounts? If you don’t think it happens, think again: As noted by recent research, top passwords from 2015 included the ever-popular “123456,” “password,” “starwars” and the oh-so-secure “letmein.” How do you solve this problem? Start with a hard-and-fast time-frame for password changes; six months is a good rule of thumb. Make sure everyone — from owners and managers down to front-line employees — follows the same rules. For example, don’t let staff re-use the same password, opt for a minimum character length (eight or more) and prevent the use of repeated characters. Since you’re probably not an IT pro, it’s worth spending on reputable password management software to help manage user logins.
Think outside the organization
You can’t do everything yourself. In the same way you outsource manufacturing, accounting software and even marketing responsibilities, it’s now possible to tap a reputable third party to handle SMB IT security. Managed service providers not only have access to substantial cloud resources — keeping your servers free for critical, as-needed data — but also a wide variety of specialized tools and solutions designed to protect key assets. In addition, the right service partner can help draft a customized IT security policy that meets the specific needs of your business. Here, the key is research and reputation: Look for a provider staffed by IT experts with substantial experience in the industry, and always opt for a partner that offers 24/7 service. Running a small business is no easy task, but leaving IT security off the table is a surefire way to increase the chance of network compromise. Protect yourself by recognizing risk, defending data, prioritizing passwords and opting for outside help.
Tesno Technologies works with the latest security tools and technologies to keep our clients data safe. Contact us today for a network security assessment. Info@tesnotech.com