You've probably got a lot of important data stored on your company computers: customer credit card numbers, confidential reports for your employees, and countless emails (some of which are full of harsh zingers directed at your biggest competitors). Needless to say, none of this is information you want made public or destroyed. So are you taking enough precautions to protect your data?
According to a recent survey from AVG, six out of seven small businesses in the US and UK have absolutely no Internet security measures in place, and could be at risk of a major security breach. If you fall into that group, here are ten things you can do to get back on the security track:
1) Adopt company-wide policies regarding employee computer use. If you don’t want them taking work computers out of the office, or even sending personal emails from work, make that clear. You don’t need to go overboard, but have your policy in writing.
2) Create a secure password policy, and ensure that every staff member follows it. (Here are some tips for building a strong password.) Forcing users to change passwords frequently is not recommended.
3) Install and regularly update anti-virus software, such as Norton or McAfee, on all company computers.
4) Set up a company firewall. This may sound harder than it is, as all network routers have a firewall built in.
5) Only allow routine attachment types to be downloaded by employees. (Executables, or EXE files, are a strict no-no.) Educate staff on the dangers of downloading suspicious attachments. An anti-spam system will help keep them out of inboxes.
6) Immediately perform all hardware and software updates. The biggest risks of attack come from brand-new exploits.
7) Purchase a business-class router to protect your company’s Internet connection. Again, a firewall will be an essential part of this package.
8) Create regular backup files of all important company data, and store them securely in a safe or offsite.
9) Make it clear to all staff members that if they accidentally download a computer virus or see anything suspicious going on on their PC, they must report the security breach immediately.
10) If you don’t have a qualified IT professional on staff who has the skills to set up a secure network environment, invest in a network security firm or consultancy to help you with anything else you need.
