The majority of small businesses now use or rely on IT to a major extent. Of course, there are tremendous benefits to be had, but how prepared are business owners to deal with the risks IT systems pose if they are not adequately secured?
Every day there are thousands of cyber-attacks on companies in the UK; in 2014 65% of small businesses experienced a cyber-attack, according to research from www.itsecurityjobs.co.uk.
The aim of most of these attacks is to steal data, information, money or even just to disrupt your company so it is important to be aware of these and do all you can to avoid this happening to you.
Why is IT security important?
- IT security is important as it provides credibility to your supplier and customer. If your business is compromised then this may have a reputational effect in the market place
- Any data that is compromised is likely to impact your business, as confidential information may be shared into the market
- There may be direct monetary loss through hacking
To start with you always need to make sure you have nailed the basics, these being simple things such as downloading software updates when necessary, using strong passwords, removing/ not opening suspicious junk emails and using anti-virus software and making sure it is always up to date.
Always ensure you have assessed the possible risks to your business in regards to what type of information and data is at risk and could be targeted. You should also assess all the IT equipment used by your business including computers, mobiles, tablets etc. and then understand the risk to these devices, how these can be managed and who has access to them, as it isn’t just computers that will be targeted.
It is important that at least some of your staff have appropriate training to make sure they are aware of the possible threats and how they can be avoided and dealt with. It may be worthwhile seeking advice from professional IT security consultants additionally, considering who you will turn to for support if you were attacked and do you have a contingency plan in place?
Steps to analysing and securing your IT
When it comes to putting security controls in place make sure you take the following steps:
- Increase the protection of your network by using firewalls, proxies and other measures
- Keep an updated document of all the IT equipment and software used. Change any default passwords to strong passwords
- Install antivirus software on all devices and always update your software and web browsers
- Restrict where not relevant staff and third parties access to IT equipment and information
- Take extra precautions when staff have access to information when working from home or on mobile devices
- Monitor the use of all equipment and IT systems and keep a close eye on any unauthorised or suspicious activity
The following steps will help you analyse your security and respond to any changes or problems that may occur:
- Test and keep a close eye on your security controls on a regular basis
- Always remove any software or equipment that you no longer need or use, making sure there isn’t any important information or documents on there
- Disposing of IT equipment is important. Do not sell on IT equipment where data may be able to be extracted – even if you have deleted it!
- If you do become a victim of fraud or a security attack you must report the incident to the police through the Action Fraud website. If it will affect your customers or suppliers you must notify them of the attack – it is always advised to be honest and upfront.
Additionally, as a business you are legally obliged to store data correctly and not share personal data. If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information. There is further information on the ICO Website
Cyber security has evolved to become a fact of life and part of day to day business for small companies. Whilst it won’t add revenue to the bottom line, conversely it can create a massive negative impact should your company be a victim of a cyber attack.