How safe is your business data?

For most businesses the answer is likely to be not as safe as it could or should be. No business is truly safe from a data breach – just look at some of the large businesses (that invest heavily in IT security) that have been a victim over the last couple of years, such as Dominos, eBay and Sony.

There are three key areas that SME business owners can focus on do to improve IT security and minimise this risk.

PASSWORDS

These are the first line of defence against a breach. I would advise every business to have a strong password policy – typically this includes minimum password lengths (I would recommend eight as a minimum), specify the use of complex passwords (ie. ensure staff use more than two character types) and ensure passwords are changed on a regular basis. Too many businesses do not do this, keeping the same weak passwords for years – sometimes the same password used by everyone.

DATA SECURITY

Who within your organisation has access to your key business data? Does everyone really need access to the company’s business plans or financial data? Does everyone need full access with your Sage accounts package? Some businesses will keep business sensitive data in shared areas, accessible by all staff for ease – but remember the threat of a data breach isn’t just something that comes from outside a business , it can come from within too. For the same reason, providing staff with administrator rights to your company network should be avoided if possible – and this should also reduce the risk from viruses and malware.

CYBER SECURITY

Ensuring you have appropriate security systems in place is also essential. Firewalls should be used to protect the gateway to your company network and guard against unauthorised external access – but this does not protect against viruses, malware or phishing attacks. Staff connecting USB drives is another way threats can get into your business – and you should consider if this really needs to be allowed. Having good software on all computers will help minimise the threat, as will having a separate security product at your company’s gateway. The impact of cyber threats can vary wildly, one of the most destructive recent viruses, Cryptolocker, will try and encrypt any data it can access and make impossible for staff to access – a worry for any business and a good reason to keep access to key business data restricted.

All of the tips above should improve IT security and minimise risk for many businesses, but this will not guarantee to stop all threats. Alongside improved security, businesses should also ensure they have a robust backup solution such that data can be recovered should it be lost through security breach (or for any other reason). But that is a subject for another day.