10 IT security tips for SMBs

By Jennifer Saber
Senior Vice President and Head of Information Technology
Kaspersky Lab North America

Starting a business has never been for the faint of heart, but the cyber age has brought new dimensions to the already complex ongoing process. Simply put, you cannot do business of any kind without cybersecurity.

But, like just about everything else in business, technology and security decisions really boil down to money. Only you can decide how best to allocate your resources. Spend wisely and you’ll have the best possible chances of succeeding — security doesn’t have to break the bank.

Here are my top 10 basic and not-so-basic tips for setting up small-business security:

1. Having an IT security policy is crucial.

Sure, commonsense rules apply — “don’t steal” comes to mind — but creating a basic IT policy should be a top priority. You and all of your employees will gain an understanding of rules and expectations regarding everything from passwords to customer privacy, from physically securing technology to data classification.

Crafting a policy can be demanding of your resources, but you can find tons of good sources of information online, such as the Infosec Institute and the SANS Institute. You can tailor any basic policy to suit the needs of your business. Just make sure employees read and sign an acknowledgment form once you have your policy in place.

2. Secure your data.

That means not only keeping criminals out, but also backing up data securely and regularly. If you are not in a financial or technological place to ensure your data is secure, let a large business do it for you.

3. Gain perspective.

As a small business, you might feel like an unattractive target for cybercriminals — like you’re too small to be interesting. Instead, think of SMBs as a class of targets — interesting targets.

The main reason small businesses are great targets is that they represent a gateway to your customers and partners. Of course, criminals also bank on a certain proportion of SMBs not prioritizing security!

4. Check your local authority that provides support to small businesses.

In case of USA — Small Business Administration (SBA). SBA.gov has a wealth of information for SMBs, including training on cybersecurity and tons more in its cybersecurity section. Local chambers of commerce are also great resources.

5. Install comprehensive security software everywhere.

You need security on everything — servers, PCs, other connected devices. Set it up to stay up to date and renew it on time. This is not the place to scrimp.

However, Kaspersky Small Office Security is an economical choice that protects laptops, desktops, and servers, as well as Android devices, against malware. It also secures small businesses against phishing and other common Internet threats, and for those businesses that need it, adds a layer of security for banking and payment transactions.

6. Password protect all computers and other devices.

Your IT security policy should cover strong password use; also set up a password-expiration policy to force users to change their passwords every 90 days.

7. Destroy information you cannot secure.

If you take credit card information, and you don’t have the means to store the information securely, then don’t store it. Once you’ve processed it, shred it.

8. Take special care with personal information.

If you have to store personal info for employees, make sure it’s secure, and limit the people who have access to it. Back it up securely. If you keep physical records, lock them up. And physically secure electronic equipment as well — eliminate the chance that someone, whether an employee, a customer, or a random stranger, can take a laptop away to hack at leisure.

9. Leverage larger companies.

If your small business lacks the resources (capital or human) to handle a task expertly and securely, hire or partner with a business that can. For example a vast majority of SMBs use ADP for payroll.

Why? Economies of scale make a huge and popular payroll company a more effective and economical solution.

But payroll is just one aspect of running a business (and it isn’t even an issue for every small business): Think about which services might be better outsourced to another company.

How about physical security? I recommend an alarm system with remote monitoring for that. How about a remote facility for data backup? In all cases, look for services that specialize in working with small businesses.

10. Enable and reinforce employee awareness.

That includes you, by the way. If you understand the elements of security for your business, and take them seriously, you will be able to impart the information clearly to other employees.

Revisit security policy and practices a few times a year. As with other areas of security, you may want to look back to No. 9 and employ the services of a company that specializes in employee training.

You have nothing to lose and everything to gain by setting strict policies — and following them to a T. Your security is only as strong as your people, and the leader has to lead by example.