Risk management—the forward management of negative events while taking into account the probability of those events occurring—is a necessity if you’re to protect company data. Like avoiding accidents in the workplace, you can prevent business disasters by being vigilant when it comes to data storage and network protection.
To avoid the consequences of a network breach, such as the IP address hack at Delegait, it’s important to protect your network by limiting access to the deeper levels of your local area network to key people who use it. Storing data off site is also a good idea as it means you can still access records if your network has been compromised in the office. As Delegait co-founder Andrew Ward suggests, understanding a bit about IT helps, even if you outsource that department.
A recent survey of small to medium businesses by global online security software company, Symantec, revealed online security risk was an increasing concern for Australian SMEs. “The research shows that organisations are aware of the significant risks surrounding the storage of information and are clearly prepared to take no chances, with 98 percent of Australian SMEs backing up their business-critical information,” says Steve Martin, Symantec mid-market manager, Australia and New Zealand. “However, faced with new and evolving regulatory compliance requirements and a growing mobile workforce, SMEs are under increased pressure to secure and manage their information in a timely and cost-effective manner.”
Martin outlines ten tips SMEs can use to stay safe:
1. Keep updated with changing threats and technologies. Employees and executives need to be aware of new threats. Security awareness training can go a long way to protect a company from attacks.
2. Create policies that address mobility and social networking. Corporate internet security policies should be put in place and all users need to understand how to comply with these policies. Policies could cover areas ranging from what data is allowed to be stored on mobile devices to company policies about access to social networking sites.
3. Be careful how much information you divulge. Attackers use information gathered from social networking sites to carry out targeted attacks.
4. Be careful about third party applications and emails. Hackers can embed malicious code or malware into these applications, which can give access to a user’s profile.
5. Limit access. Unless the company requires it, consider disabling access to popular social networking sites.
6. Treat PDAs and smart phones like computers. Just like computers, mobile devices need to have up-to-date antivirus and firewall software installed to protect them.
7. Get specific. Hackers use mobile technology that targets SMS and MMS services, so mobile devices need to be installed with an anti-SMS spam service similar to an email spam service.
8. Protect your mobile data. Encryption software protects data as well as memory cards on devices in the event they are lost or stolen. Alternatively, a data wipe tool erases all data after a maximum number of consecutive failed login attempts.
9. Don’t be naïve. Mobile technology and social networking sites are seen by hackers as the path of least resistance for malicious activity. A security breach in one of these areas could compromise your business.
10. Don’t shy away from embracing new technologies. Mobile technology and social networking can be fantastic tools for SMEs if they are managed properly. Mobility devices free employees to conduct business any time, anywhere, but it is important to deploy the appropriate security measures at the front end rather than leave it as an afterthought. Business-oriented social networks can be a real bonus to business—as long as users take precautions.
Another step businesses should consider in their crisis management planning is taking out insurance against financial loss caused by equipment breakdown resulting in data loss. While insurance won’t prevent crises, financial compensation can assist the execution of a contingency plan, especially if your business subsequently needs to reimburse clients for their downtime, as Delegait did.