When entrepreneurs decide to start their own business, they are focused almost entirely on the product or service they provide, and how they can sell it to customers. Rightly so, since without a product that people want to purchase, there is no business. The rest of their attention goes into dealing with business logistics – finding an office or production space; completing tax registration forms; investing in computers for employees, etc. One item that is typically neglected during this frenzied period of activity is IT security.
By the time a very small business decides to address IT security, it’s typically because they have already become a victim of cybercrime, or because the business owner saw a news report about malware stealing credit cards from business and panicked while wondering if this could happen to his own business. In either scenario, IT security then becomes an urgent priority while employees scramble to find the right solution. Kaspersky Lab experts know there is a better way. By adding basic IT security measures into the startup plan, entrepreneurs can save themselves time, money, and aggravation down the line, and protect themselves from malware that could cause enough damage to drive the company out of business.
There is no “one size fits all” solution for startups and very small businesses. There are, however, a few golden rules – and this checklist will help business owners ensure the essential elements of IT security are in place.
Step 1: Take Inventory
New businesses almost certainly won’t have an in-house IT expert, but at least their IT inventory is small enough to be managed with relative ease. Make a simple Excel list of all laptops and workstations, as well as servers and routers, in the business. This list should also include notes for all the business-critical applications used on each machine.
Step 2: Assign Priority
On this new list of equipment and applications, add notes to define the tasks that each particular machine performs, and how dependent your business operations are on each particular task. Give the most vital pieces of IT equipment a Category 1 rating, while machines that perform less critical functions can receive a Category 2 or even Category 3 rating. For example, for a business that primarily conducts online sales, the Email server is a Category 1 piece of equipment. For store-front businesses, the point-of-sale “cash register” computer becomes Category 1. Ideally, no more than half of the total computers in the business should be Category 1, since the goal of this step is to identify which pieces of the network require the highest level of protection, and which are less important.
Step 3: Protect the Perimeter
Here is a very basic step that still must not be overlooked – ensure the business has a functioning firewall, which can block malicious web-traffic from entering the network, and can stop thieves from smuggling data to outside the network. For many small companies the firewall will be included in the Internet router, so owners should check with their Internet Service Provider to ensure the firewall is properly configured.
Step 4: Protect Your Data Where it Lives – the File Server
Once a business has several employees collaborating on documents, it makes sense to have a small file server – such as Exchange, Sharepoint, or other simple appliances – so information can be centralized and accessed by all. But with all the data on a file server, the server becomes critically important and requires strong anti-malware protection. More importantly, backing up the data on this server becomes vital. Ensure an automated data backup task is scheduled on a daily basis. These backups can be saved to another server, an external hard drive, or to a cloud repository. By taking the time now to configure a daily automated backup task, these backups could save the business in the event of an IT disaster in the coming years.
Step 5: Protect Your PCs…
The computers used every day by employees are obviously the backbone of the business, and owners should invest in their protection accordingly. Modern malware can evolve over the course of a few hours to defeat simple anti-virus scanners, and business owners would be wise to seek a full security suite with multiple layers of protection. This includes features like a desktop firewall, proactive detection capabilities, and application controls. It’s also a good idea to include a password manager program on employee computers, which stores their passwords in an encrypted vault and automatically enters the passwords when prompted. Few things make security professionals cringe like seeing passwords written down on pieces of paper next to a computer!
Step 6: …and Your Macs and Androids
It’s important to include non-Windows machines in the business security strategy as well. For example, if the business uses a Mac for graphic design, it needs the same umbrella of protection provided by the network firewall. Owners would also be wise to install a security program on the Mac itself, since Macs can actually become warehouses for PC malware and spread infections across the office, or worse, to customers. Also, if employees plan to access business documents from their smartphones or take documents to go on their tablets, make sure those mobile devices have some sort of anti-virus and anti-theft program installed. That way, if the phone ever gets lost, employees can at least remotely wipe the business information from the missing device.
Step 7: Monitor it all Centrally
With the foundation of IT security now built into the business’s network perimeter, file server and endpoint machines…how does the owner keep track of it all? Ideally, this protection will come from a single security solution – such as Kaspersky Small Office Security, a newly launched third version – that protects all the pieces of the business with fewer than 25 employees, and lets owners view the status of each piece from a single console. Its key solution includes new features such as, Safe Money to Protect Online Banking , Enhanced Mobile Device Support, Automatic Exploit Prevention, Password Manager, Online Backup along with Web Policy Management, Data Encryption and File Backup, Central Management that help small businesses stay ahead of modern security challenges and this easy-to-use product that doesn’t require business owners to be IT experts. As we know complexity is the enemy of security, and if you can get a single security solution to do it all, your life will be less complex and more secure at the same time.
With these core protection elements in place, IT security won’t need to be cobbled together frantically and expensively as the business grows over the years. More importantly, business owners can feel safe that their life’s work and the data of their customers are protected, and they can get back to focusing on the reason they opened their own business in the first place.