Is IT Security Really That Important for a Small Office?
Dale Smith
I’ve actually had many small business owners and managers tell me, “IT Security isn’t important for a small office.” They point to the headlines touting security breaches at Target, Neiman Marcus, Home Depot and most recently Google’s Gmail as evidence that only large companies are targets. They couldn’t be more wrong.
The truth is that businesses of all sizes are targets. Many of these hackers actually prefer smaller businesses. They are often easier targets. Owners will often state, “I don’t have anything anyone would want. We still process credit cards with a dial up modem. We don’t even store credit card information.” In fact, every business has information that is valuable.
The business owner doesn’t know that the accounting clerk keeps a Word document with a list of customer credit cards to make end of month billing easier or that their payroll system keeps detailed bank account information for employee direct deposits. They forget that most of their banking is done online, opening their accounts to potential hackers who can have their cash transferred to offshore accounts by morning. Of course, for companies that do process credit cards, failure to be PCI compliant and prevent theft can result in substantial fines.
Security for the small business is vital. There are many aspects to securing any business. These can seem complex and overwhelming. Fortunately, there are several clear and relatively inexpensive steps that can be taken to greatly reduce company exposure, and they apply even to small offices.
This is the first of two articles explaining 6 areas that small businesses must focus on to secure their operation.
- Incoming Internet Security – If you have an Internet connection at your office (And who doesn’t?), you have some type of router or firewall already in place that provides some protection from hackers entering your network. Is it enough? What do you need to be concerned about?
- Outgoing Internet Security – Outgoing? Why should you be concerned about what goes out of your network? Because information that has been breached needs to get to the bad guys by going out of your network. Remember your parents telling you to be careful of the company you keep – the same thing applies to the Internet.
- Local Network Security – You already know that you need local security; that’s why you install anti-virus software on all of the computers in your network. Many of you have already found that anti-virus software doesn’t stop every threat. What else do you need? Are you sure all network devices have security software? Even the wireless devices? What about protection from your own employees, or outside vendors with access to your systems? Lots to consider here!
- Physical Security – This is an often forgotten area. How easy is it to pick up the company laptop and walk out with the Excel spreadsheet someone was using to reconcile the credit card charges for the month? What about the thief that walks off with the company server stored in the supply closet? And don’t forget about access credentials conveniently taped to the firewall or placed under the keyboard.
- Internal Security Policies – Someone needs to document security related policies and procedures. How else does the accounting clerk know that it is not okay to create a spreadsheet of customer credit card information? Who decides what web sites are acceptable for company employees to visit?
- Employee Training – Common sense isn’t always so common. What one person sees as a clear security risk may not be seen the same way by someone else. Not only do employees need to know company security policies, but they also need to be trained to spot security risks.
In the subsequent article we will dive deeper into each of these areas and document the risks you need to be concerned with and what remedies you can take to mitigate these risks.
Remember, cyber security is more important than you might think. The future ongoing viability of the company may be at stake. There are many steps which can and should be taken to protect even the smallest office.