More than 99% of SMEs are using IT solutions to work on a daily basis. Considering this number, more than one SME out of two doesn’t even have a firewall to be protected against malice acts. In this context, the question of IT security in the universe of small and medium businesses needs to be deeply analyzed. Today, NellSoft provides you with 5 advices to increase the level of IT security within your SME, reducing cyber threats.
1) Confidentiality of documents
Confidentiality is mandatory. The good point is that there is no software or specific skill needed to achieve it. Indeed, a good level of confidentiality is the consequence of daily routines. For instance, when you or one of your coworkers send an email to an external stakeholder, it is useful to mention that the email and all its content are strictly confidential. In the same way, when you sign a contract you need to insert a confidentiality clause. This first advice seems obvious but too many SMEs are still neglecting such clauses. In case of litigation, it can make a huge difference.
2) Web and computer control
We strongly recommend you to have a secure Virtual Private Network (VPN) in order to secure all internal exchanges between your collaborators. Moreover, it is useful and recommended to forbid the internal use of ADSL and 4G routers for safety reasons.
In order to secure your SME’s IT system, you also need to think about Wi-Fi. Indeed, Wi-Fi terminals are today essential in order to connect all your devices such as laptops, tablets or smartphones to the internet. However, they are easy prey for hackers if the passwords you settle are too weak. Indeed, anybody with low IT skills could easily hack your system. Consequently, the choice of a secure password is the first step to think about.
Professional password management software such as Secret Server exists offering to your SMEs a secure environment to evolve in.
3) Lead (and follow) an active IT policy
Would you be ready to enter into a partnership with a customer or a supplier knowing that his IT security policy is close to zero? Probably not. In the same way, would you sign a contract with a business partner knowing that he is facing data security problems? Definitely not.
Why? Besides the fact that you don’t want to share sensitive information with an organization that can’t ensure data security, you are not ready to work with such unprotected company. In the case we mention before, the whole image of the company is being impacted by its IT negligence. Indeed, being hacked is a sign of general weakness that must be prevented.
It is thus vital to establish a security charter that you need to spread within your organization. Too many enterprises are starting considering IT security solutions after being hacked.
In order to implement an efficient IT security policy, it is necessary to allocate roles and tasks within the organization. If a crisis arises, any insider should perfectly know what to do.
Concretely, how is it possible to reduce the threats a company is facing?
a) Standardize your Operation Systems
In this path, it would be easier to manage a data security breach situation if security parameters and softwares are similar on all internal computers. It is also necessary to create filters for potentially dangerous websites.
b) Limit or prohibit the use of online cloud application for personal purposes
As a substitute, you can provide your collaborators with a professional cloud solution.
c) Maintain an updated IT installation
Any IT software needs regular updates not to become obsolete and useless.
4) Involve your collaborators in the IT process
Even if you have an IT department and powerful solutions, IT managers can’t be everywhere. Employees need to be IT ambassadors. They have to be familiar with the different threats that could arise. Thus they need to be vigilant by adopting specific daily behaviors.
Implementing an IT chart was the theoretical part of the process. Educating your collaborators is the practical step that has to be conducted in order to encounter success. Regular IT trainings have to be granted to your team for the good sake of your organization (once a year is a good pace).
Among the basic behaviors to adopt, we can list:
5) Mobile devices: the holy grail for hackers
Business trips are the perfect opportunity for data leakage. Indeed, IT security of mobile devices is today more than neglected. More and more data leakage is the result of negligence (either loss or theft of laptops, tablets, smartphones etc).
What can be implemented to reduce this threat? As we’ve seen before the first step is to educate employees by providing them with the best practices to adopt.
To ensure a secure BYOD policy , professional mobile device management solutions such as IBM MaaS360 or AirWatch efficiently protect companies against mobile threats.
If you have any additional questions about IT security in the world of SMEs, please don’t hesitate to contact our team of experts.
« Investing in IT security: the perfect lever to enhance business performance ?