
Top five tips for creating a security aware small business

While many small businesses believe that internet security is important to their business, only 28% have formal internet security policies, a survey by internet security provider Symantec has found. As businesses combat an increasingly sophisticated threat landscape and feel the potential impact of IT staffing reductions due to the economic environment, employees remain the strongest defense in protecting an organisation's information. Small businesses can significantly reduce their vulnerability by following these simple steps to create an informed security environment and protect their critical information from exploitation, cyber attacks, unauthorised access and fraud.

  1. Educate your employees. Only 38% of small businesses provide training to their employees about internet safety and security. Your employees are vital to your company's security, so empower them to keep your information and systems safe! Implement a security awareness program with training and guidelines that enable employees to carefully consider the security implications of their online behavior. Require your employees to use passwords that mix letters and numbers (not names or dictionary words) and change them often. Educate employees not to use file sharing programs or download free programs from the Internet.
  2. Combine policies and technologies. More than 33% of small businesses do not have the most basic protection of all – antivirus. As the number and sophistication of web-based viruses and malicious code continue to rise, small businesses need to be secured with more than just traditional antivirus technology, as they are susceptible to the same types of attacks as large businesses. Policies and education need to be coupled with an integrated solution to protect information wherever it is accessed, from servers to desktops and laptops. Install an integrated security suite solution that will prevent virus infection, block intruders, protect privacy, and stop malicious programs. This will be simpler to install and manage and will keep you completely protected.
  3. Protect your mobile workforce. More than 66% of employees take computers or PDAs containing sensitive information off-site. 62% of the companies surveyed have a wireless network, but 25% of them do not password-protect their wireless networks. All network-connected computers and inbound/outbound traffic should be monitored for signs of unauthorised entry and malicious activity. Create and enforce policies that identify and restrict applications that can access your network, and ensure employees follow best practices when they work remotely.
  4. Back up valuable data. Small businesses are handling valuable data: 65% store customer data, 43% store financial records and reports, 33% store credit card information and 20% have intellectual property and other sensitive corporate property. It is critical to back up important data regularly and store extra copies of this data off site. Train your staff to perform basic backup tasks unsupervised. Back up systems as well as applications and files at least daily, and test the backup and recovery process periodically to be sure it works.
  5. Stay informed and update often. Only 53% of small businesses have someone check the company's computers to ensure that their operating systems and security software are up-to-date. Stay aware of the security threats you face by reviewing reports published by industry experts. Keep antivirus software up-to-date by downloading virus definitions as soon as they are available and regularly apply updates and patches.

The growing complexity of information security threats puts proprietary information assets at risk on a daily basis. Awareness of the risks and available safeguards is the first line of defense for the security of information systems and networks. Technology alone cannot secure an organisation; an organisation's workforce must understand information security issues and behave in a manner that minimises risks.