David Emm (Global) - Why SMEs Can no Longer Afford to Ignore IT Security

Recent studies show that 60% of small businesses would grind to a halt if their PCs were taken down by cybercrime or IT related issues, and only 5% of small businesses have access to dedicated IT support, be it internally or externally. To avoid becoming another statistic, it is imperative that small businesses have the right internet security measures in place. However many are forced to choose between solutions aimed for home or corporate/ enterprise users, neither of which are suited to their requirements.

In light of the recent cyber-attacks on international businesses such as Google and Sony, and news that a teenage hacker broke into NASA, it's only natural that smaller businesses are worrying about the state of their online security. Small business owners are under a great deal of pressure as they need to know their core business, as well as having a basic knowledge of IT security. However, there is no need to worry, as a few basic rules suffice in gaining IT protection.

Encrypt sensitive information
Many small companies handle extremely sensitive customer data, from patient information stored by a doctor's surgery to client documents held by a law firm. All this information, which is not intended for third-party viewing, should be encrypted. Encryption translates data to a secret code and is the most effective way to achieve data security. To read an encrypted file, a key or password is needed to unlock the translated information.

Use password management
Customer databases, access to email and computers themselves should be protected using passwords. However these tools are only secure if the passwords used are at least eight characters long and composed of both upper-case and lower-case letters, as well as special characters and numbers. They should also be used only for a single purpose. Memorising a secure password like "3zP_0S$v" and then using it for everything is not good practice. Nor is it good practice to write passwords on a note stuck to the device in question (the cause of numerous losses of sensitive NHS data). This is when a ‘password manager' tool can be helpful to a small business as it memorises secure passwords.

Know who and what needs protecting
Small business owners may know which areas of their company need protecting, but what about their employees? In most cases, staff won't be IT experts either. Two strategies are recommended here; firstly, clear rules should be established for using IT systems, these should specify prohibited activities such as sharing passwords or using USB flash drives. Secondly, rules should be backed up with appropriate security settings.

Before investing in security technology, small businesses should assess the historical and current malware detection capabilities of various anti-malware products on the market. Security software for small businesses has in the past been expensive and confusing, however it is a vital aspect of business that cannot be overlooked in today's troublesome cyber environment.

By David Emm, senior security researcher, Kaspersky Lab UK



« Len Rosenthal (US) - Your Data Commutes too: The Case for True Real-time Performance Monitoring


Calum M. MacLeod (Global) - New Safety Guidelines »

Recommended for You

Trump hits partial pause on Huawei ban, but 5G concerns persist

Phil Muncaster reports on China and beyond

FinancialForce profits from PSA investment

Martin Veitch's inside track on today’s tech trends

Future-proofing the Middle East

Keri Allan looks at the latest trends and technologies


Do you think your smartphone is making you a workaholic?