
10 Information Security Tips For Small Businesses

June 26, 2012

Businesses are recognising the importance of the information they manage, and more companies than ever deal with sensitive information on a regular basis. So whether you are a one-man band or a multinational corporate entity, here are 10 information security tips for businesses:

1. Implement policies and guidelines

Implement policies, processes and guidelines - the rules of the game - that are appropriate for your organisation. This means a top-down approach to information security, showing that your organisation is committed and willing to invest in protecting its data. Remember that the simplest solution is often the best, so keep your rules simple: doing so makes them easier to follow.

2. Lead by example

Senior-level buy-in is vital, but business owners and senior management must also follow the same policies and guidelines; otherwise it becomes a pointless exercise, as staff will bypass them in the same way. That means it's vital to lead by example, showing your team that you take information security seriously.

3. Staff education and training

It may seem obvious, but if you don't educate your staff on their information security roles and responsibilities, you can't expect them to provide effective protection for your data. You should teach your staff not only what they have to do and the rules they must follow, but also why it is important to you, how they do it, and who they should speak to if they have any questions or issues. It is important to make the process as entertaining and fun as possible, as it is often seen as a very dry, if not dull, topic.

4. Business processes

It is important to implement appropriate business processes in your organisation and to align them with your information security policies as much as possible. Otherwise staff may find it easier to bypass the controls you have implemented in order to achieve your business goals.

5. Technical solutions

Just as it is important to have appropriate business processes, it is also vital to implement appropriate technical solutions. Many organisations see IT as the driving force in protecting their data. However, this is not the case. IT is simply one of the tools available, and you therefore have to ensure your technical solutions and IT systems provide your organisation with the protection it desires, in line with your information security policies.

6. Spot checks

A good way to ensure your staff follow your information security rules is to employ a regime of spot checks. These should be done to raise awareness of issues and not as a method of punishing those who fail to follow the rules; after all, you need your employees to buy in to the spirit of the program, not merely follow instructions like sheep. A great way of achieving this is to encourage staff to come up with ideas for improving security and to reward the best ideas.

7. Test and measure

In addition to performing your own spot checks, it's a good idea to employ an external agency or consultancy to test your security controls on a regular basis. Many corporate bodies have regular penetration tests of IT infrastructure and less frequent tests of physical security. Smaller businesses might see this as overkill, but unless you actually test your controls you have no idea how effective they are!

8. Check your suppliers

Most companies make use of third-party service providers. Whether it's for your IT, web hosting, accountancy or legal operations, it's important to ensure your suppliers take the same care and consideration over their information security (and yours) as you do. It's no use having fantastic information security controls only for every Tom, Dick and Harriet at XYZ IT Support Company to have access to your sensitive data because they provide your IT support services. Take the time to ask questions: ask to see their policies, how they vet their staff, and what controls they employ to protect your data. At the end of the day, protecting your data is your responsibility.

9. Plan for the worst, hope for the best

In the same way that it's a good idea to have business insurance, all companies should invest in a Business Continuity Plan. This means looking at the threats to your business, the risks they pose, and how you would respond in order to continue operating should the worst happen. Your Business Continuity Plan needs to cover all the high risks to your business and should be tested and reviewed on a regular basis to ensure it meets your changing operational requirements. Obviously, testing a Business Continuity or Disaster Recovery Plan completely may be prohibitively expensive, but there are ways of assessing the plan without necessarily having to buy hardware or pay for office space.

10. Incident response

Having all the policies, processes and guidelines, the correct technical solutions, and excellent staff awareness will give you the best chance of avoiding an information security breach, but it doesn't guarantee it. Therefore, it is essential that you have a clearly defined process for responding to an incident. This should include reporting points, escalation, evidence gathering and media management. It should also clearly define the roles and responsibilities of relevant personnel and how your organisation reports the breach to the relevant authorities - be they law enforcement, the Information Commissioner or regulatory bodies - and of course how you inform the individuals or companies concerned.

Lee Hezzlewood is the founder of Secure Thinking, a UK company providing specialist services in Data Protection and Cyber-Security. For more information on information security for SME businesses take a look at our Managed Security Services.

Source: EzineArticles