Online criminals are increasingly targeting smaller companies, so no matter whether you store client lists or confidential product information electronically, take steps to protect your IT and data.
- Make IT security a priority. Technology is integral to every small business, even those with just one computer.
- Make someone responsible for IT security and ensure they have the time and resources to push through changes. If not, it's easy for things to get overlooked.
- Assess the risks to your IT system. Look at how you and your employees use IT to identify vulnerabilities. For example, your internet connection should be protected by a robust security package that includes virus and malware protection, plus a firewall.
- Take care of IT security basics. Simple precautions like not opening email attachments from unknown sources, learning about threats like phishing and changing passwords regularly can significantly reduce the risks.
- Draw up an IT security plan. Once you have identified the risks your IT system faces, write an IT security plan. This should set out general rules to minimise the threat of hacking, theft and data loss.
- Be prepared to invest time and money. Good security software with regular updates usually costs money. It also takes time to identify what precautions you need to take.
- Perform regular backups and test that you can restore your data from your backups. At some point, every business will suffer a data loss - perhaps a result of accidental file deletion or a failed hard drive. Having a good backup system enables you to recover important data and carry on working.
- Protect lost property. One of the quickest ways for someone to access your data is through lost or stolen laptops, smartphones or USB memory sticks. Mobile equipment should be password protected and encrypted. Implement a remote wipe system so your data does not get into the wrong hands if a device is lost or stolen.
- Be aware of staff-owned devices. If employees are using their own smartphones or tablets for work then make sure this doesn't create additional security risks.
- Train your staff. Ensure all employees are familiar with your security plan. Explain security procedures clearly, both during training and in employment contracts. For example, make it compulsory for staff to change their passwords regularly or to encrypt sensitive emails.
- Make it easy to be secure. One of the biggest threats to good security is employees who circumvent rules because following them makes their jobs difficult. It's important your security measures don't place an unreasonable burden on staff.
- Secure your website. Your website could be one of your weakest spots if hackers target you, particularly if it is the main point of contact for customers. In particular, make sure your online shop is secure.