Business First Columbus – Michelle Abreu, Chairwoman and President of Oxford Consulting, advises how “Taking simple steps can help small businesses with data protection”

Taking simple steps can help small businesses with data protection

Business First of Columbus – by Michelle Abreu For Business First
September 4, 2009

Even in the best of times, small-business owners sometimes fail to guard their digital and intellectual assets sufficiently, either because they are unaware of the dangers or because they believe they won’t be hit with a data breach, computer virus, theft of vital information, or other attack on their systems.

With the recession, even fewer businesses have adequate data security. A 2009 study from Symantec Corp. found that nearly half of the companies surveyed said budget restraints, understaffing, and greater regulatory pressure made providing security difficult.

The same report shows that attacks on business systems increased in the past two years, with 88 percent of respondents saying they were attacked. Of those, 42 percent reported that they experience attacks regularly, and 98 percent suffered actual losses because of such attacks.

The threats are numerous and seem like they’re impossible to thwart without major resources and deep pockets. Fortunately, there are several affordable measures every small business can take to guard valuable or private data.

Protection

• Shred it. Not all important data is digital, so make it convenient for employees to protect sensitive records that are on paper. One of the simplest and least expensive security measures is to buy cross-cut shredders and place them near high traffic areas such as fax machines, recycling bins and network printers. Shredding limits access to private and sensitive information, as well as protects it from theft.

While there’s no harm in shredding everything, provide the employees guidelines if you wish to target specific documents, such as spreadsheets, payroll records and job-performance information.

Scan it. Malware and viruses find their way to you and often work stealthily, and if you are on the Internet at all, you’re at risk. Employees surfing innocuous Web sites might unwittingly stumble upon a worm that could burrow into an individual PC, then infiltrate the entire system if it’s on the network.

Guard against these attacks by installing anti-virus, personal firewall and anti-spam software. It’s a bargain, especially when weighed against the cost to repair damages caused by downloaded malicious code. Take note that it will be completely ineffective if employees don’t use it as intended.

Users sometimes turn off a system scan because they think it slows up the computer. Counter this tendency by being proactive and schedule scans for a consistent and convenient time during the week – such as late Friday afternoons – and make them mandatory for every computer in the network.

Time’s a’wastin’

Update it. It doesn’t cost anything to install automatic security patches and system software updates, so this is another economical move you can make to guard your data.

Hackers find new ways to exploit systems every day, and many updates address these developments as they arise. It’s common to ignore updates because they can take a few moments to install, but that can leave your system open for attack, so be sure all employees update when necessary.

Back it up. Identify systems that store critical business data and create a process for securely backing up on a regular basis. Remember, computers can crash and become completely corrupted, but they can also be stolen, damaged by clumsy users, and destroyed by flood, fire or other disasters. Such occurrences make offsite storage vital, either to removable media on company-owned offsite servers or with online storage providers.

Most backup software is inexpensive, and you can find storage devices the size of a thumb drive that are adequate for many business systems. The most important thing is to back up the systems as a matter of routine. How much data could you afford to lose? A week’s? A day’s? That’s how often you should back up.

Spell it out. Document and distribute your policies regarding data protection so that everyone understands them. Provide easy-to-follow training instructions for common security practices such as changing passwords regularly, avoiding phishing schemes and limiting e-mail attachments.

Because diligence in following these guidelines can be an issue, include a security checklist that all employees must sign off on when they begin their employment with your company.

Finally, another free measure: Explain to everyone the possible consequences of attack and data loss and impress upon them that data security is a top priority. Your words cost nothing yet could save you so much.

Michelle Abreu is chairwoman and president of Oxford Consulting Group Inc., an information technology consulting firm. 614-310-2700 | mta@oxford-consulting.com