Take steps to improve IT security, SMBs urged

Tuesday 21 May 2013

Small and medium-sized businesses (SMBs) need to make IT security more of a priority, it has been claimed.

According to BCS, the Chartered Institute for IT, smaller companies are seeing an increasing number of security incidents as the level of activity conducted online continues to grow.

Research carried out by the organisation suggests that 87 per cent of SMBs experienced a security breach in the last year, up from 76 per cent 12 months ago.

Louise Bennett, chair of BCS Security, noted that security is for all businesses, but it often gets overlooked by SMBs as they don't necessarily have an IT department to support it.

"However, it’s a myth that security is only the responsibility of the IT department; every employee is responsible for the organisation’s security," she stated.

"Attacks can arise from a wide variety of sources including human error, a deliberate attack by an outsider, or a malicious attack by a disgruntled member of staff."

Ms Bennett said the IT department may well set out the security issues, but it's actually important that everyone plays their role in implementing these simple measures.

The BCS has published a security guide, designed specifically for SMBs, to help them understand the action they can take.

A number of top tips across three categories - education, equipment and data protection - have been published to help ensure security best practice.

The BCS says employers should educate all employees to think about security issues, and create clear email, internet and social media policies that outline what is permissible.

They should also implement a policy that demands strong passwords, which are changed regularly, and encourage staff to think about phishing threats and spam emails.

In addition, BCS says employers should implement a policy on the use of removable devices, as well as the copying and transferring of information.

Where equipment is concerned, SMBs have been urged to deploy firewalls between their network/PC and an unsafe network, deploy firewalls within their own networks, and carry out penetration tests.

They should also deploy a proxy server between internal and external network resources, secure wireless routers, protect mobile devices with a PIN and use encryption solutions, BCS urges.

"If you’ve been breached, destroy at-risk data or equipment," the institute advises.

"Ensure operating systems are regularly updated and staff know how to implement the updates."

Finally, where data protection is concerned, BCS says it is important for people to know their data responsibilities and ensure employees understand their role.

"Understand clearly what data is used in your organisation, where it is and why you’re keeping or using it," the institute says.

"Classify your data for confidentiality, for criticality, for integrity."

Posted by Alex Boardman