It's surprising how many businesses do not even practice security essentials. Practically every day, I hear someone asking us if they can use a simple password, as the one we gave them is too hard to remember. When you see what they suggest, it turns out to be the name of their dog or their son or daughter. Ask them another question and the same password will almost certainly be the one they use for everything. Other businesses will happily tell you that they have no policy of updating software and no way of checking safe practices amongst their employees. All we would say to them is that you had better have access to a nice loan or a sizeable reserve of cash for when CryptoLocker gets you! We even know one business that kept a sizeable database of customer information and, when asked what they would do if this was hacked and they faced a massive fine from the authorities, replied that they just did not care on the grounds that "it would never happen to them".
That will no doubt look good when they need to explain themselves to the data protection authorities.
When it comes to security, every business should accept the fact that it will happen to them, so they should spend at least some of their precious time thinking through the consequences.
Ten simple things you can do to protect yourself
There are no certainties in this world, but these ten items are the minimum you should be doing to get yourself started on making yourself secure:
- Ensure your anti-virus and anti-spam software is up to date and that your firewalls are intact and working. Test them regularly in the same way you would test your kitchen smoke alarm.
- Have a strict policy of updates. Carry these out regularly and check their performance on the devices your business uses. Just because you like XP and you are "used to it" does not make it secure if that PC accesses the internet.
- Use strong passwords. Require regular password updates. This simple practice actually works as a way of helping your employees keep secure. An even stronger alternative would be to insist on two-factor authentication.
- Make sure your networks are secure. This includes protecting your wireless networks.
- Write a clear procedure for the use of email, internet and mobile devices. Spot check to ensure that these are carried out and not abused.
- Make sure your staff are well-trained in their security responsibilities. If the information is critical, do not be afraid to carry out a background check.
- Have a backup plan. This should cover information disposal and disaster recovery. Practice backup and restore to ensure you can implement it.
- Carry out security risk assessments regularly. This should identify the important systems in your business and the information you need to conduct your business.
- Institute proper protection for your website and carry out regular checks. Make sure this includes backup and restore.
- Check provider credentials when using cloud services. They should be even more secure than you are and be able to demonstrate it.
Nothing Original in this
There is nothing original in this post. It may be that you are the sort of person who never checks the tyre pressures on your car either. Just don't come crying when something goes wrong. At best it is going to cost you money you never intended to spend. At worst, it will bankrupt your business.