
If you’re running a small business, you need to wear many hats. Unlike major companies with a fleet of staff and roles, the small business person must at times be an accountant, a content manager, a boss, a secretary, a logistics expert, a negotiator, a cleaner... the list goes on.
One hat you will definitely need to try on is the IT (Information Technology) security hat. Problems arising from security breaches can cost you credibility, time, money, and even your entire business. In this article, we’re putting forward 10 principles to help avoid that eventuality.
1. It Will Happen to You
Well, it will if you’re in business long enough. Sooner or later, you’re going to encounter a security-related problem which will cause you grief. The mentality to assume is “prepare for the worst, hope for the best”. A proactive mindset is the most important step to take.
2. Be Aware and Informed
Be aware and informed. Visit Scamwatch, the Australian government’s scam-watching website, and become familiar with the scope, types and methods of scams and attacks on businesses. Keeping up to date with this information is a useful reminder of why vigilance is imperative.
3. The Weakest Link
A security system is only as strong as its weakest link, and malicious attacks always focus on the weakest link. Often this link is human behaviour. Getting someone to click on a link is a lot easier than trying to hack into their database, but the same results can be achieved.
If you have staff, make sure you’re keeping them up to date with modern scams and attacks. Training and communication, and the promotion of awareness within the business, are the key to strengthening the human element.
4. Have a Process
Having a proactive security process which evolves with your experience and information is a useful strategy. The benefit of a process is that it can then be applied to similar subsequent scenarios, helping you to avoid making the same mistake twice.
5. Keep up to Date
Keep your operating systems and software up to date on all your devices. This will help protect you from vulnerabilities in older software, which are constantly being targeted and exploited. The importance of keeping software up to date was a major finding following the Petya Media Virus in 2017.
6. Back Up Your Data
Backing up is a simple and effective way to protect your information. In the event information is compromised or lost, a backup will ensure your records are intact.
7. Manage Access
The most important principles regarding access are to only grant it to the extent required to do a job, and only for the duration that it’s required.
8. Lock Devices
It’s a great idea to lock your phone. If you’re like most other people, your phone might be used to access email, banking, personal information, photos, conversations... Be in the habit of locking your phone when you’re not using it. That will make it harder to access in the event it’s stolen or misplaced.
9. Minimise Complexity
A strategic approach to ITC (Information Technology & Communications) is to avoid complexity by working with native functionality. It’s usually better to find solutions that natively support your requirements, rather than creating solutions from complex combinations. A simple setup is easier to secure, since fewer assets are involved.
10. Actively Delete
If you’re not using something, why keep it around? There may be a good reason to keep something, but if there isn’t, delete it! Deleting information frees up storage space and strengthens security. If you don’t have it, you don’t have to worry about it.