How do you safeguard your business?

What do you do if you lose your laptop? Or someone knows your password to important private documents? 

How important is security to your small business?  

We ran an SMB Mini Summit with 20 small business owners and discussed the top security issues faced by UK small businesses.  We acknowledged the importance of protecting business and data, no matter how big or small your company is.    Joined by Microsoft's chief security officer, and The Director of Digital Dragonfly (a company which helps small businesses be more productive and secure with technology), it became very evident that the threats have evolved considerably over recent years as cyber criminals have become more organised and more sophisticated.  You might think small businesses could slip under the radar of organised cyber crime, but it’s not so. Not only do small businesses have valuable data and bank accounts like any other target, they are also often seen as a back door into larger targets, since they often form part of a bigger supply chain.

Despite the name, IT security is actually about a lot more than just technology. Stuart Aston likened it to protecting the jewels in a jewellery shop. You wouldn’t just rely on the locksmith alone to keep them safe – instead it’s everyone’s responsibility to be vigilant and reduce the risk of theft. 

The mobile security shift

The ability for small businesses to spin up teams remotely and work from any location has created a huge competitive advantage in recent years, but it’s also significantly changed how small businesses need to think about IT security.  It used to be that everything was contained in on-premise servers and shared via a company network. Build a big enough ‘fence’ and you could keep most bad guys out. But now data has been set free, as have employees and their devices.  Considering that there will be 1.3 billion mobile workers by the end of 2015 and 70 percent of organisations are using or investigating cloud-computing solutions, continuing to focus solely on an old fashioned ‘fence’ is like closing the stable door after the horse has bolted.

Locking it down

Using cloud services to run your business, like Office 365 for email, or Basecamp for project management, means that getting work done isn’t reliant on a particular device – you can log in from anywhere.  That’s the easy part of disposable devise. You also need to ensure the device you do use won’t leave you compromised should you let it out of your sight:

• Device encryption. Windows devices have BitLocker and Macs have FileVault – both are preinstalled and ready to run device encryption programs that ensure your hard drive can’t be cracked.

• Mobile device management (MDM). There are lots of ways to implement MDM. Simple controls are available in some Office 365 subscriptions, and they allow you to remotely wipe particular information and revoke access to sensitive systems.

• Don’t save anything directly to the device. Save it to the cloud (ensuring data is encrypted in transit of course).

• Don’t work using an administrator login. If someone manages to swipe your device while you’re logged in and working, this will at least prevent them running code to try and crack accounts or data. This is good practice in case of malware infections for the same reason.

There are loads more tips on our full report here, including Infographics, eBooks, videos and more.