Small and medium businesses (SMBs) are the future of our country. They are providing the kick-start to the recent upturn in economic fortune, creating jobs along the way, driving innovation and creating competition in the market. Problems can occur, however, from just one data security breach. SMBs need to be particularly careful, as on the whole they are less secure than their larger counterparts. Steps need to be taken to ensure data security is maintained, as 2013 was a monumental year for data security breaches.
With this in mind, there are many ways SMBs can look after the data they hold. Security in general starts first and foremost with employees, who need to understand the importance of applying good practice to the job they do. Opening email attachments is an obvious example: if the sender isn't known and the origin of the email and its contents are suspicious, the last thing you would want to do is open an attachment from that sender, potentially compromising the system by running an '.exe' file or a similar threat on the machine. Even things like leaving computers holding valuable information unattended for periods of time should be stamped out. Employers should make it policy for the screen to time out after a period of inactivity, so that users have to log back in to continue. All of this leads back to a previous post on password protection: it would be pointless for an SMB employer to put that policy in place if the passwords aren't secure.
Another important data security issue with regard to employees is that of employee mobility. With BYOD looking set to stay and grow in the future, more and more business information is going to be stored on personal devices. You can keep track of information stored on your own devices within the organisation, but it's very difficult to keep track of devices that your employees take elsewhere with them, and IT administrators have a fight on their hands. The devices that more and more employees are using tend not to have as strong security, because they are intended for personal use as opposed to commercial use.
When employees who have previously had access to sensitive information leave the organisation, it is important to ensure that they no longer have access to anything from the point at which they leave. Former employees who may be disgruntled at how they were treated could try to exact some revenge on your organisation by hacking into your systems. Making sure that EVERY password is changed upon the departure of a member of staff is the only way to stop this from happening. This is also true for any third-party contractors that are used. U.S. retail corporation Target recently announced that it believes third-party vendor credentials were used to access its systems in the massive data breach it endured late last year. Third-party contractors are sometimes unfamiliar with security policies they aren't normally involved in, and companies can often assume that, because contractors are only temporary, they don't need to be as up to speed as a permanent employee.
The importance of creating strong security policies for your SMB cannot be stressed enough. Unfortunately, to people who don't understand this, security policies can seem paranoid and a waste of money. They aren't. A breach can shatter a business's reputation in an instant if sensitive financial information is stolen, and security policies need to be taken extremely seriously.
The top 5 rules for your security policies should be as follows:
Manage and monitor the end-user privileges that individuals and departments have access to
Train employees in the importance of keeping information and data secure and employing good habits
Ensure that the security policies you do implement are properly enforced and consistently used
Make sure third-party contractors and outsiders are subject to the same security policy as normal users
Make sure that passwords and other credentials are changed when employees leave the organisation