How to: improve your IT security


As a small business, you could be forgiven for thinking that you’re not a target for online hackers. However, according to a recent government survey, as many as 75% of SMEs in the UK could be at risk of an IT security breach – and this can cost you as much as £300,000 to put right.

It’s important to take online security seriously. Here’s some more information to help you.

What Sort of Threats?

What exactly are hackers after when they break into your site? The truth is, they could be looking for several different things, including sensitive data, customer information or intellectual property.

You may even find yourself at the mercy of ransomware, which usually disables part or all of your system and prevents it from working properly until you pay the required amount to recover full functionality.

Hacker techniques are becoming increasingly sophisticated, which is why it’s vital to review your security practices on a regular basis. Remember, if you’ve got several staff working for you, you may need to take precautions ‘in house’ too – a security breach isn’t always caused by external forces.

Steps to Boost IT Security

Improve passwords (and regularly update them)

Your employees need to understand how important it is to keep their passwords safe at all times. Weak passwords are too easy to guess, so encourage staff to select stronger ones, and update them on a regular basis.

Back up your data

Backing up your data is easy, especially if you automatically back it up at the end of each working day (cloud-based systems are particularly effective for this purpose). If your system is then encrypted in a ransomware attack, you can restore it from your most recent back-up, as long as that back-up is kept separate from the affected system so that it isn’t encrypted too.

Train staff to recognise phishing

Phishing emails (emails that try to trick you into handing over sensitive information, such as bank details) have become far harder to detect in recent years, and staff need to know exactly what a phishing email looks like. Some simple rules to adhere to are:

1. Never click through to links unless you trust the source.
2. Never open an unexpected file.
3. Check the sender address – for example, some emails claiming to be from banks actually have email addresses that are completely unrelated to the bank in question.
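
Rule 3 can also be checked automatically. The Python sketch below is an added example, not part of the original article: it compares the organisation named in a From header with the domain the message was actually sent from. The organisation names, domains and sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Constructed allow-list (placeholder names): organisations you deal with
# and the domains they genuinely send mail from.
KNOWN_SENDERS = {
    "example bank": {"examplebank.example"},
    "acme payroll": {"acmepayroll.example"},
}

def sender_domain(address):
    """Return the lower-cased domain of an address, or '' if malformed."""
    local, sep, domain = address.rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else ""

def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(from_header, known=KNOWN_SENDERS):
    """Classify a From header: 'ok', 'mismatch', 'unknown' or 'malformed'."""
    display, address = parseaddr(from_header)
    domain = sender_domain(address)
    if not domain:
        return "malformed"
    for brand, allowed in known.items():
        if brand in display.lower():
            # The name claims a known organisation: the domain must agree.
            return "ok" if domain_matches(domain, allowed) else "mismatch"
    return "unknown"  # no claim we can verify; fall back to rules 1 and 2

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"Example Bank" <alerts@examplebank.example>',
    "Example Bank Security <support@mail-notify.test>",
    "Example Bank <service@examplebank.example.login-check.test>",
    "Acme Payroll <noreply@mail.acmepayroll.example>",
    "Jo Smith <jo@supplier.example>",
    "Example Bank",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):9}  {header}")
```

A result of "ok" only means the name and the address agree. The From header itself can be forged, so it does not replace rules 1 and 2 or the SPF, DKIM and DMARC checks your mail provider applies.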

Invest in good security software

At the very least, you should have anti-virus software, firewalls and anti-spyware in place. You’ll need to keep this software regularly updated and install patches whenever they’re released.

Limit access

In an ideal world, staff should only have access to the data they need to do their job properly. Try to limit the number of employees who have administrator access, as this reduces the risk of spreading malware.

Be vigilant

Security measures swiftly become out-of-date, leaving your company open to attack. Aim to review your security practices every three to six months to ensure you’re well protected. It’s also a good idea to have a plan of action in place if your company does suffer a breach in IT security – so that you and your staff know what steps to take to minimise the damage.