Security solutions to improve your bottom line?

Small and medium businesses and not for profit organisations have been embracing the internet for the last 10 years.    It has become their main medium of communication, the single most important sales and marketing tool and the in most cases the only way that business can increase revenue and profits.   To most SME’s it is the only viable piece of technology for their business.

That is not all!   If not handled correctly it is one of the most destructive and devastating systems that has ever been invented.   If only used for good it is brilliant, it isn’t!   The problem is human nature.   Whether they are targeting your business, your money, your intellectual property (IP),  your clients or just wrong place wrong time, you will be targeted.

So let’s look at security and how you can protect yourself at these levels.

The Business level

How you do business is as unique as you are, so the way you protect your business will reflect your personality.   The business has to be functioning at all times, any break in sales and revenue will affect costs and expenses.   Most business will have insurance, locks on the doors and windows and alarms.   The same types of things are needed at a business level to protect your cyber components of your business.

So to protect the business you need a risk management plan, disaster recovery and business continuity plans.   You need to track access to your business information and as an insurance be capable of rolling back through your BC plan to a point prior to something happening.

Like anything else in the business world, prevention is better than cure.   Your business needs to make sure that the risk of something happening is weighed up against the chance that it will happen compared to how critical to the business that role is and how fast do you need to recover that role before it seriously impacts your business.

The Financial level

This is a slightly different level of protection.   The life blood of your business is your cash flow and normally any interruption to that will have detrimental effects on your business.   The protections required for the financial side are – implement a good end point protection component, but that is not enough, two layers of protection are better than one so it is better to implement some level of filtering at the firewall level.

You also need to enforce complicated passwords with complexity, length, and have them changed regularly.    Any password that you need to access bank accounts and financial institutions need to have at least 8 characters, have a mixture of numbers, letters, punctuation and special characters and finally need to be changed regularly.

The intellectual Property level

A focus on your business intellectual property will depend on what you consider important.  If your business revolves around new inventions or new processes then this is IP that needs to be protected.

The other level of intellectual property is your business list of clients, contacts and staff.  This information would be a boost for your competition if they received a copy of it.   To protect your IP you need to have enforceable policies, understandable procedures and processes that restrict access and monitor that access.

Depending on your IP you also need to become paranoid.   What would happen if your senior sales person was offered a better position and took all of your contacts with him.   How much damage would this do?  So you need to also have a decent level of auditing so that you can stop this from happening.

The Client information level

Your most important assets are your clients, they are the ones that keep you cash flow going and your business ticking over.   That said, you need to protect any information that you collect from them.

This includes names and addresses, critical business information and critical financial information.   If you collect credit card information you need to make sure that your systems do not record all of the information for no reason and furthermore that separate elements are recorded separately.

Wrong place wrong time

This is where you have been targeted by automated attack systems.   SPAM, malware and spyware are an everyday occurrence but there are times when it will seem that you have been singled out.   This is possible but most of the time it is because some script kiddy has got hold of a innocuous piece of software so that he can call himself a hacker.   You have become an accidental target.

To protect yourself you need to make sure that your technology is up to scratch, your systems are deployed with best practice in mind, they are patched and up to date.   You also need to make sure that all system are part of your end point protection suite.

All of these protections are also based on the fact that you have to plan and implement the changes that you have come up with.   Although the protection of your business is critical you are there to turn a profit and that is always the bottom line.   To turn a profit you have to invest wisely and there is no wiser an investment than creating a secure and stable cyber environment for your business to thrive within.

Roger Smith, is an educator. Teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course which are considered to be the definitive guides to helping SME's protect their organisation using the principles of Technology, Management, Adaptability and Compliance.