As part of Safer Internet Day on 5 February, Tony Neate from government-funded GetSafeOnline.org offers five steps for creating your own security plan to help keep your business safe.
Maintaining business as usual through a healthy cash flow and happy customers is the number one priority for businesses. And, in today’s exploding digital economy, access to the internet and mobile working is absolutely crucial to this success. Generally, the same online safety rules apply to businesses as they do to us as individuals but there are also some differences to keep in mind.
1. Get started by conducting a complete audit
Speak to relevant employees to get an understanding of the skills and knowledge you already have. Smaller businesses often don’t have the capacity or the background to manage their IT needs in-house, so determine whether you need to bring in outside help; you may already have an existing IT services company. You also need to know what assets and information you have that need to be protected. This will include hardware, software, documentation and data, so make a prioritised list, bearing in mind the possible threats and risks to each.
2. Use your audit to create a framework for your security practices moving forward
If you do decide to work with a third party, they’ll be able to help you with this. It’s also worth talking to other peers or contacts to find out about their security processes. Your plan will need to include procedures for preventing, detecting and responding to security threats. The framework will provide an outline for enforcing compliance, including who will take responsibility for implementing and maintaining security policies in your business.
3. Education, education, education!
Your security policy will only be as watertight as your training policy, so educating your team will be vital to its ongoing success. Create a thorough training programme and an easy-to-use best practice guide that employees can refer to. Remember though, it’s not just virtual threats you need to offer training on. There are a few common physical security tactics employees can use to help strengthen their companies’ security defences. These include really basic, day-to-day things such as using the screen-locking feature when away from the computer, shutting the computer off when done for the day, not leaving passwords written down and being mindful of the physical security of mobile devices and laptops, which are popular targets for theft.
4. Stay informed about the threat landscape
A number of security companies such as Symantec and Trend Micro publish reports that define the latest threat landscape for businesses and are great for keeping you up to speed on what you’re up against. You can also keep an eye on our own news page where we report on the latest online safety news for small businesses.
5. Make your security business as usual
Regularly review the system and policies you have in place and keep on top of new threats as you become aware of them. This will enable you to modify your plan to respond to these trends and changes. Likewise, you can do the same if you have an overhaul of your hardware, software or wider IT policies or if your business goes through any significant changes. And don’t forget to get feedback from your teams, as their use of the new systems and policies will be critical to the plan’s success.