Small to medium size enterprises (SMEs) usually don’t have a huge budget for IT security. Nevertheless, they are faced with numerous security threats in today’s world, and have to deal with many of the same security challenges as large corporations.
While small in size, SME make up the larger part of most economies. And just as for large enterprises, their clients need to know that their credit card numbers and personal information will be kept safe by an SME.
Therefore, in order for an SME to be able to accept online payment, it must be able to handle basic IT security.
Here are our top tips for SMEs to build up effective IT security, even without the resources of a large company:
-
Give your staff mandatory training on all common cyber threats.
It’s a mistake to hope that hackers only target large companies. Nowadays, they go after everyone, including small businesses, and even private PCs.
Hackers usually target computers used for online monetary transactions, and these machines, and their users must be up-to-date with latest security measures, in order to deal with this threat.
In the most commonly used approach to date, cybercriminals send emails that carry viruses in their attachment. If a recipient can be persuaded to download and open the attachment, the computer becomes infected with malware.
From one infected computer, criminals can often get access to entire networks.
Of course the first line of defense is always a good spam filter. But some emails still tend to make it the inbox, and so your staff must be trained how to recognize them, and cautioned not to open them, or to download anything from them.
-
Set up an automated procedure for daily backups.
In case of a cyber attack, a backup of your data gives you the option to wipe your whole system, and thereby eliminate the malware. Following this, you can then restore all previous data from the backup.
However, if you choose this option, you have to be sure to wipe all data from all machines that are infected, so no virus remains in the system.
Of course, a full backup that is kept off-site also protects your data from other threats, such as natural disasters or fires.
-
Protect sensitive information from staff members who don’t need to use it.
If you keep sensitive data on your computers or servers, set up a clearance system to regulate who is allowed to access this data, and how.
Train your staff to keep sensitive data only on designated machines chosen for this purpose, and not to move it around your network.
This is particularly relevant when staff members are given access servers from their personal computers, or even from home.
The more sensitive your data, the more detailed you have to be in regulating who has access to it. In addition to password and two-factor protection, you might even want to consider biometric access control.
Of course, when an employee leaves your company, you have to have a process in place to revoke their access to your data instantly.
-
When employees leave the company, make sure you get their data
Since even the most sophisticated transactions can be done on a PC nowadays, it’s important to make sure you keep all employee PCs when they leave the company and any other device that they may have worked on.
Because of this, it’s generally a good idea to insist that employees only work on company machines, instead of bringing their own PC to work.
Also, when it’s necessary to dispose of an old PC, it’s best to completely destroy the hard disk, in order to make sure that no data can be retrieved from it.
-
Set up a basic security system.
Even without a huge budget, it’s possible to set up a basic security system that’s effective in defending against most cyber threats.
A basic security system includes a firewall for wireless machines, as well as advanced malware protection on all computers and servers.
Make sure to use a good anti-malware program, and ensure that it’s installed and activated on all company machines. In addition, train your IT team to keep this program updated on all machines.
For credit card numbers and other sensitive information, it’s also a great idea to use data encryption.
-
Regulate access to your computers and servers.
While most threats come via the Internet nowadays, you should also protect your computers and servers from being accessed by outsiders.
Most companies use keycards to regulate access, and you should too. You can also use keycards for server rooms to prevent unauthorized access.
-
Consult an IT security company
If you aren’t sure how to set all these things up and keep them running optimally, consult an IT company that provides security support. They can either tell you how to do it right, or even manage your security for you.
It can take years for SMEs to build up the necessary expertise in IT security, but a company that specializes in IT security support can get your security system set up and running in no time at all, and help you run it as a managed service.
This option is very attractive for many Startups and SMEs, as it allows their IT team to focus on their core business, instead of having to learning to become security experts.