No matter how small your small business is, security, your data and your customers’ data should still be top of mind. When your company doesn’t have an IT department, how do you keep mobile technology such as smartphones and tablets from becoming a security problem?
Here are 5 tips to boost your security that require minimum expertise and minimum investment.
1. Find a trusted partner, and keep them on speed-dial.
Even if you don’t have an IT department, you still have IT issues that need an IT solution. Configuring new devices, troubleshooting and solving problems, developing a strategy to ensure that IT investments are appropriate and generate return on investments — these are all things where a little help goes a long way.
Finding someone who specializes in helping small businesses and who will keep your best interests at heart can be difficult, but is worth the effort. There are a couple of places you can turn.
• Ask your device reseller if they provide ongoing consulting services. Be sure that the services will truly support you and not just try to sell you more devices.
• Hire an independent consultant. Even if consulting hourly rates seem high, they’re less expensive than having someone on staff and much less distracting than trying to do it yourself.
2. Move everything you can to the cloud.
“Everything” really means everything. Any applications you’re using that can be shifted to the growing world of cloud-based services, such as email, file sharing, desktop and laptop backups, customer relationship management (CRM) and accounting should go as soon as possible. Cloud-based services may have monthly fees, but they save in the long run — and usually very quickly. No more software patches, no more hardware upgrades, no more server backups and no more worries about whether you’ve left a gaping security hole somewhere.
Small businesses need to be strategic about IT, and anything that is an IT commodity, like VoIP communications or other collaboration tools, should be left to the specialists. If you have some applications that are truly strategic for your business, that’s where you want to concentrate your money and attention. For example, if you’re running a small law office and you have practice management software, that’s where you get the most value out of IT — and that’s worth your focus. Every dollar and minute spent taking care of an aging email server is a waste of valuable resources.
3. React, but don’t over-react.
In the world of information security, the biggest threat to small businesses is availability: not having access to your information when you need it, either because it’s been lost or because you’re spending time trying to clean up after a security problem instead of serving your customers.
Most small business security failures have one (or more) of three main causes: stolen credentials, unpatched devices, or data that are not being backed up. Addressing each of these should be a top priority. For stolen credentials, choose to use two-factor authentication whenever it’s available. For unpatched devices, turn on automatic updates for operating systems, applications and anti-malware/anti-virus. And for data that are not being backed up, look for continuous data protection solutions such as cloud-based backup tools that constantly copy any changed files to a cloud service. Work on those three, and you’ll have prevented the vast majority of problems.
4. Use force multipliers.
Keeping on top of today’s security trends and issues isn’t nearly as important as building things to be secure from the start. When you hear about a new security issue, you should be able to depend on your software suppliers to automatically patch things promptly; you shouldn’t have to follow up to be sure you’re protected.
For example, if you have a BYOD policy or have more than two or three smartphones in your company, you can use cloud-based Mobile Device Management tools (such as Samsung’s Knox Manage) to make sure that devices are configured to automatically download and apply software updates and patches. By making sure that everything in your IT world is patching itself automatically, you gain the peace of mind needed to focus on what’s important rather than the latest information security problems.
5. A little documentation goes a long way.
Small business owners and staff rarely focus on IT; it’s a part-time task for most. When you’re not concentrating on IT, it’s easy to lose track of what you did and how things work. With every IT change you make, retain key e-mails and documents, create how-to documentation, and make the materials easy to find for anyone who might need them. You’ll find you waste less time re-doing the same work or trying to remember what happened six, 12 or 24 months ago.
Small businesses can improve their IT security with these few simple steps, and small, strategic investments will yield significant results.
Take our mobile security assessment to find out if your company is covered against risks — and how you can stay ahead of the curve.