Keeping your SME safe online need not be expensive, says Google online safety communications manager Elijah Lawal
Make everyone responsible for security
Online security should be everybody’s responsibility, not just the IT department. There’s no need to sacrifice security even if you’re a bootstrapping start-up. They’re not mutually exclusive.
Human beings can often be the weak link when it comes to security. You can have the most sophisticated burglar alarm but your house is wide open if you leave your key in the lock. You may have the best IT security software that money can buy, but it’s no good if your employee gives away the password. Handing over the notion of online security to your IT manager is how you get into trouble. It needs to be something that permeates from the top to the bottom.
Ensure everybody has the right access
Does everyone in the organisation have the correct access they need? Or, put another way, does marketing need access to everything in the organisation? Probably not. So create individual user profiles for each database. Grant the least access needed and ensure the data cannot be easily transferred. Make sure everyone has a private login and disable logins from people who have left your SME or gone on maternity leave. Remember, there is a risk that those who have exited in unhappy circumstances may want to steal your information or do you harm.
Ensure two-factor authentication
Two-factor authentication, such as that offered by Google, is a more secure way of accessing your information. I think of it like using a cash machine – you need to have your bank card and also remember your PIN number. You won’t be able to get cash unless you have both. It’s the same for online security. Two-factor authentication – such as that offered by Google – combines your password with a unique code texted to your mobile.
Know what to do if the worst does happen
You need to do some simple housekeeping when you establish your business, such as having a data privacy policy and making sure your passwords are strong. After all, you pay insurance premiums to cover yourself in case of unexpected disasters. You hope nothing will happen but you do prepare for the worst.
And, if you do have a security breach, then remember to notify the police and your lawyer.
Fix the vulnerability that caused the problem
Most importantly, fix the vulnerability that caused that breach in the first instance. Small businesses can be so busy running around informing clients that their data has been compromised, they often forget to investigate what caused it. And remember to back up to the last time you backed up data.