Tag Archives: Information Security Tips for Small Business

Information Security – Is it a productivity road block?

Image provided by http://www.flickr.com/photos/wwarby/

A recent survey conducted by Government Business Council shows that many officials in government agencies think information security is a barrier to increased productivity. The survey cites blocked websites that prevent access to needed information and the inability to work effectively remotely (presumably due to security limitations) as the primary pain points. An interesting but unsurprising side effect noted in the survey was that users who are blocked from getting information by one method will sometimes resort to less secure methods to access it.

How do your users feel about information security impacting their productivity? If you have not asked recently, through informal checks or surveys, you may be surprised. They likely feel the same way and may be taking on additional risk to access the information they are trying to get. It is important to balance information security protection with usability to ensure you are not missing opportunities or limiting productivity.

Some things to consider

  1. Information security requires continual education and engagement with your user community. It involves a give and take where you must educate and inform but also listen to feedback to ensure you have not set up unneeded barriers that negatively impact productivity.
  2. As much as possible, schedule security scans to run at off-peak times to minimize disruption. When that is will vary by company, so plan it based on your business requirements.
  3. If you have implemented web filtering, create a feedback loop so you can learn about websites needed for business use that are being blocked inappropriately. Evaluate and take action as appropriate to show that you are listening and care about business requirements. This is an important step in building trust that will help further all of your information security objectives later on.
  4. Remember that when people think security is a barrier, they will be creative and potentially use unauthorized methods to get what they need. It is better to understand what the user pain points are and help remove them than to give users an incentive to get around the barriers, which could cause a big exposure.

In closing, be sure to build a relationship with your users so you can find out how they really feel and validate that your information security program is meeting business requirements.

Information Security – Top 10 Items your Business Needs to Do Now

1. Protect your laptops, desktops, and servers

Your company's laptops, desktops, and servers are likely critical for most of your major business processes, from customer management to invoicing, accounting, and payroll. If your systems are not available for use, you cannot perform these activities and keep your business operating effectively. Worse yet, if your devices have been compromised, your data is not secure and it can be deleted, manipulated, or misused for financial gain by cyber criminals. Simply put, keeping your systems secure helps keep your business secure.

2. Separate your network from the Internet

Your network is your business's pathway to the Internet and to interactions with customers, suppliers, and other business partners. Your network also gives those seeking to do harm potential access to your company's systems, so it is important to follow good network security practices to prevent unwanted access. Keeping the bad guys out while allowing needed business activities to happen is the name of the game.

3. Online Banking Security

Online banking is convenient and can be a real productivity enhancer for individuals and businesses alike. It is also filled with perils, especially for businesses, which are not afforded the same liability limits that individuals enjoy. If something goes wrong with your online banking, does the bank really have your best interests at heart?

4. Backup your critical data

Most of the protection areas discussed focus on insiders or outsiders intent on causing trouble, but sometimes equipment just fails. Are you prepared if you suffer hard drive failures on critical systems, or would you lose critical data that could potentially put you out of business? Back it up and get the peace of mind that you can recover if your hardware has an issue. Systems are easily replaceable, but the data often is not.

5. Follow good password practices

Unless you have implemented more advanced controls, passwords are likely your primary method for controlling access to various accounts and sensitive data. Despite years of repeated attempts to educate end users about what makes a good password, many people still make easily avoidable errors. Don't be one of them: follow good password practices and you will come out ahead.

6. Educate your employees about information security

A company may spend a significant portion of its revenue on information security, but if its end users have not been properly educated, all of that can be easily defeated by a crafty intruder. Fake emails, known as phishing, have greatly improved in quality and can often fool even observant employees. What will your employees do when they receive an email they think is coming from you but is sent from a suspicious email address?

7. Physical security

An information security protection program is only as good as the physical security in place protecting the assets. If someone can steal the device or gain unauthorized physical access to it, all other protection measures can be of little value.

8. Secure your wireless networks

Everyone is using wireless these days; it is convenient and helps facilitate business. It is also very insecure right out of the box, so it is important to implement best practice security solutions to ensure your networks are safe.

9. Encrypt sensitive files

Passwords are a first line of defense, but oftentimes they alone are not adequate to truly secure sensitive data such as employee records, customer lists, and credit cards. Loss of this data can subject a company to legal fines and embarrassing customer notification expenses, so it is important to take additional measures to protect this data and give your business stakeholders comfort that you are doing the right thing to protect their sensitive data.

10. Securely remove data off of old devices

When you get rid of old computers, servers, network devices, and printers, your job is not yet done. These devices will walk out the door with sensitive company information on them if you do not put proper measures in place to cleanse them prior to removal.

Remember to keep an eye out for our detailed implementation advice for each of these top 10 items, coming soon!