Lessons in IT security: 5 rules small businesses need to follow by Matthew Stibbe

When it comes to IT security, there’s no such thing as ‘too small to suffer.’

Cybercrime costs UK small businesses around £785 million per year. In 2014, over a third of spear-phishing attacks targeted small businesses and in the same year, the number of data breaches increased by 23 percent.

That’s why we’re sharing these top tips, which emerged from our latest small business mini-summit, ‘Safeguarding your Business’.

1. Have an IT security policy

‘People think that security is a technical problem. It’s not. It’s a person problem,’ says Stuart Aston, National Security Officer for Microsoft UK.

Human behaviour is one of the biggest weaknesses in any defence system, so you need to explain to your employees:

  • What the risks are
  • What data is valuable or critical to the business
  • How they should handle that data
  • The correct behaviour around and use of company systems and networks

Don’t be daunted by the thought of creating a deadweight document. An IT security policy can be short and to the point. Start by identifying what data matters most to your business and how you want it handled, and build from there. For example, insist on making use of the Information Rights Management feature in Office 365, to control changes and access to key documents.

2. Protect your passwords

Whether it’s remembering, storing or sharing them, passwords were a big topic at our summit. The key message from the experts? Passwords are private. They are there to protect both your data and your identity and they need to be treated with care. If you share a secret, like a password, it’s not a secret any more.

Think of them like credit card details: you wouldn’t store those on a post-it on your desk or give them away to contractors who need to make a one-off purchase for your business, so why do the same with a password?

  • Have a highly secure password for your most important login, a different one for a couple of the next most important, then another for the rest. While not ideal (you should have different passwords for everything) it does lower your risk of a breach to what matters most.
  • Do not use the same password for your primary work email and primary personal email.
  • Use a password management app such as LastPass, PassLock or 1Password.  

3. Make your devices ‘disposable’

Small businesses have benefited greatly from the increase in mobile and flexible working, but it has led to a reliance on easily lost or stolen devices.

Francesca Geens of Digital Dragonfly suggests using cloud services, like Office 365, cloud storage such as OneDrive for Business, and device encryption, such as BitLocker, to effectively make your tablets, laptops and mobiles ‘disposable.’

This means that if one does go walkabout, you can revoke access to any cloud accounts remotely and ensure there’s no risk of a data leak.

At the same time you can buy a new device and have it up and running in no time, because all your data and applications are already in the cloud, ready to download to the new system.

4. Stay up to date

As quickly as new defences are created, cyber criminals evolve their tactics to find a way around them. That’s why it’s so important to stay on top of patches and updates. Every release includes a response to something new in the threat landscape and helps to keep you safe.

You should also make sure that every device has anti-virus software and a firewall enabled. Windows Defender, for example, comes built in to Windows 8 and Windows 10, and for those of you with something a little older, you can download Microsoft Security Essentials for free.

5. Get safe or go home

In today’s threat landscape, there’s no such thing as perfect security. That doesn’t mean it’s all doom and gloom: the better prepared you are, the smaller the impact on your business, so plan for ‘when’, not ‘if’, you suffer a security incident.

Remember: nobody’s safe, but not everyone has to be a victim.

Check out more posts from Matthew Stibbe on his blog https://www.articulatemarketing.com/blog  

 

For more information on keeping your business secure, you can also visit Microsoft's Safeguard your business hub for further advice.