Top 6 Security Mistakes SMBs Make, and How IT Pros Can Fix Them - Blog (2-18-2013)

It’s quite obvious in this digital age that there is a serious need for computer security. This is especially true in small businesses. You have your data to protect, your employees’ data to protect, and most importantly you have your clients’ data to protect. That’s why it is always fascinating and sometimes horrifying to realize that there are certain mistakes that SMBs tend to make. In fact, it is likely that your company is making at least one of these mistakes.

6 – Failure to properly explain your security policies to your team
Data security is a team exercise. Everyone on your team needs to know what the procedures are to protect your data, and they need to know what to do in the event of a security breach.

Every new employee should be taught the procedures, and then every employee should have to take yearly refresher courses or seminars to keep them up to snuff on security policies new and old. As the IT department, it is probably going to fall to you to teach these procedures to the workforce, which won’t be possible unless your entire team knows what they are talking about.

5 – Failure to update Software licenses
Out-of-date software is probably the number one way hackers can get into your servers. IT departments sometimes don’t update software versions because they are plain lazy, haven’t had the time, don’t feel it is necessary, or a mix of the above. Not updating software licenses means you won’t be getting security patches for that software, which leaves you vulnerable. As the IT department, it is your duty to make sure that your company isn’t neglecting this area. If the management team is saying there aren’t enough funds, then you need to educate them as to the possible consequences of not keeping things up to date. Then at least it is an informed decision being made.

4 – Failure to secure Smartphones
Almost every company is either looking at or actually implementing a BYOD policy. This means employees are more than ever able to take sensitive data with them everywhere they go. Every IT department needs to do two things. First, ensure that employees (both yours and the workforce) know what the consequences are for not securing their mobile device. Second, every IT department needs to make sure that every mobile device is secured with a PIN and has encryption.

3 – A Small IT department
If you are an IT guy or gal in a very small company, it is likely that your team isn’t very big. You need to convince your executive team that the IT department needs to grow in proportion to the rest of the company. If they try to keep piling on the work as they add new employees, remind them of the consequences of an overworked IT department.

2 – No or inept Backup plan
Backing up is the number one thing you can do to make your data more secure in the event of a breach. That being said, you need to do two things in regard to your backups. You need to test them to ensure they don’t get corrupted or lost, and you need to make sure the data is encrypted.

Every business needs to have a comprehensive backup plan. Your IT department needs to make sure that these backups are done regularly (if they aren’t automated), and that they remain secure. Think you can live without your critical business data for a few days? If not, then don’t put yourself in that possible position.

1 – Weak or Long-term Password mistakes
The number one mistake SMBs make with their data and security measures is forgetting to change their passwords or to ensure that employee passwords aren’t weak.

Your IT department needs to have password rules in place for every employee. Each password should be a certain length and contain numbers, a mixture of lower- and upper-case letters, and a symbol. Every password should be changed at least every 45 days. While the change frequency is not an absolute necessity, the point is that the interval should be long enough that it doesn’t become too much of a pain, but short enough to remain secure. Establishing a system for this is key to its consistent implementation.
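
One way to turn these password rules into a repeatable check, as an added example that is not from the original post: the script tests a candidate password against the composition rules and audits account records for the 45-day limit. The 12-character minimum, the Linux shadow-file layout, the function names and the sample accounts are assumptions constructed for illustration.

```python
import re
from datetime import date

MAX_AGE_DAYS = 45  # from the article: change passwords at least every 45 days
MIN_LENGTH = 12    # assumption: the article only says "a certain length"

# Constructed sample in shadow(5) layout: user:hash:last_change:min:max:warn:...
# last_change is in days since 1970-01-01; the hashes are placeholders.
SAMPLE_SHADOW = [
    "alice:$6$placeholder$hash:15744:0:45:7:::",
    "bob:$6$placeholder$hash:15654:0:99999:7:::",
    "carol:$6$placeholder$hash:15700:0:45:7:::",
    "backup:*:15000:0:99999:7:::",
]

def composition_failures(password, min_length=MIN_LENGTH):
    """Return the composition rules a candidate password breaks ([] = passes)."""
    checks = [
        (len(password) >= min_length, "too short"),
        (re.search(r"[0-9]", password), "no number"),
        (re.search(r"[a-z]", password), "no lower-case letter"),
        (re.search(r"[A-Z]", password), "no upper-case letter"),
        (re.search(r"[^A-Za-z0-9\s]", password), "no symbol"),
    ]
    return [message for ok, message in checks if not ok]

def audit_password_age(lines, today, max_age=MAX_AGE_DAYS):
    """Return (user, problem) pairs for accounts that break the rotation rule."""
    today_days = (today - date(1970, 1, 1)).days
    findings = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 5 or fields[1].startswith(("!", "*")):
            continue  # malformed line, or a locked / non-login account
        user, last_change, max_field = fields[0], fields[2], fields[4]
        # An empty or oversized max field means the system never forces a change.
        if not max_field.isdigit() or int(max_field) > max_age:
            findings.append((user, "expiry not enforced"))
        if last_change.isdigit() and int(last_change) > 0:
            age = today_days - int(last_change)
            if age > max_age:
                findings.append((user, f"password is {age} days old"))
    return findings

if __name__ == "__main__":
    for user, problem in audit_password_age(SAMPLE_SHADOW, date(2013, 2, 18)):
        print(f"{user}: {problem}")
    print(composition_failures("Summer2013"))
```

Run on a schedule, a check like this separates accounts where expiry is simply not configured from accounts whose password has already aged past the limit.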

Happy computing!
