Every business is unique.
That uniqueness comes from how the business came to be, what the business does and who is in charge.
Every small and medium business and not-for-profit organisation looks at security differently.
In the words of Professor Julius Sumner Miller—Why is that so?
Digital Security for the small or medium business is a balancing act: accessibility versus usability.
With such conflicting requirements in place, there’s no one-size-fits-all solution. Walking that fine line is achieved by looking at both the external and internal requirements.
Protecting the business requires applying common sense and paying attention to the details.
It also involves making tough decisions to ensure the business accepts its duty of care for its staff and its clients.
Like I said, there’s no digital security program that will fit all SMEs. But there are some components all successful programs have in common.
External digital security includes systems to ensure that your information is secure.
It relies on the following digital security components:
- Firewall: Lets users access the internet and protects the internal network from attack by bad guys.
- VPN: A Virtual Private Network is a connection between the office and someone who’s at another location (a road warrior or home worker). VPNs rely on encryption and authorisation to secure the connection and protect the data.
- Wireless: A convenient way for smartphones, tablets and laptops to connect to the business network. A wireless network can also be a point of attack if not configured correctly. (Use encryption, strong passwords and a DMZ.)
- Anti-SPAM: Depending on the system, an anti-SPAM system can remove 90 to 98% of the SPAM that comes into the network.
- Content filtering: Controls what users can see on the web. A content filtering system enforces policies about web surfing and prevents inappropriate sites from appearing.
- Intrusion Detection: Allows a business to track who is trying to access its internet connection. Alerts and warnings will appear if someone is trying to hack the system.
Internal digital security is also essential. That involves:
- Business continuity and disaster recovery: In the event of a disaster, how long will it take your business to be up and running again? A business continuity plan maps out how the business will react, what elements it needs to function, and how long it will take to be up and functioning again.
- Business resilience: A plan for how the business will react to both good and bad changes. This allows the business to move quickly when those changes actually take place.
- Auditing: This allows your business to track access to files and folders. An auditing system can be augmented with other applications to ensure that there is more control over that access.
- Access: This category includes policies that limit who can see files and folders. It is used to segment the information inside a business into groups, then apply rules to those groups based on who needs to access what type of information.
- Best practice: A best practice is a method or technique that has been shown across many businesses to get the best results—in this case, in protecting the business infrastructure. Best practice is applied at the enterprise and government level, but a number of best practices can also help a small or medium business.
- Policy and procedure: Looking at jobs in terms of policy and procedure allows a business to create documentation that allows any user to do any job. It is usually a sign of business maturity.
- Compliance: Being aware of legal requirements and complying in a timely fashion prevents last-minute scrambling to fulfil those requirements—and, of course, helps avoid fees and penalties.
With these components in place, you’ll protect your data while giving access to those who need it.
SMEs and not-for-profit organisations should consider all the items on this list and invest in the level of digital security protection that fits their budget and business needs.