At PTG we walk into a lot of small and mid-sized businesses. We typically work with business owners or stakeholders who are very passionate about what they do - which is one of the greatest parts of our job. Unfortunately – we often find that they are not as passionate (at first!) about the security of their data.
We’ve been getting a lot of questions from customers and prospects: “How can we limit our risk of a similar breach?”. We tell our customers – 99% of a good offense is a good defense! (Yes, that’s backwards from what you normally hear – but it’s true in IT.)
Most small and mid-sized business owners think that they are immune from breaches like the one at Epsilon. Maybe – but the truth of the matter is that small and mid-sized businesses are a prime target precisely because they typically don’t have the IT security resources that a Fortune 500 company has, and attackers know it. Here are the basic things you can do:
-Purchase a good firewall. A good firewall, properly configured, will run you between $1500 and $5000. Money well spent.
-Implement a password policy. If your password is ‘password’, or ‘123456’ then you don’t have a password policy! If your password is taped to your screen, you don’t have a password policy! A good strong password is at least 8 characters and includes numbers, symbols, upper case letters, and lower case letters. Treat 8 characters as a floor, not a target: length matters more than cleverness, and a long passphrase beats a short jumble of symbols. Also check new passwords against a list of commonly used ones, because ‘Password1!’ satisfies every composition rule above and is still one of the first guesses an attacker makes.
-Talk to your staff about security. Make sure they understand that everyone plays a role in keeping data secure. We love social media – but you don’t know what may lurk behind that shortened URL on Twitter or Facebook. Consider limiting the use of social media in the workplace to those who have a need to use it – like the marketing department.
-Talk to your staff about security. (Is there an echo here?) Don’t click on attachments in email – no matter how cute you think the dancing kitten movie may be! Don’t even open attachments from colleagues unless you are expecting the attachment. Also – remind staff that no one will ever be asked to update a password or give a password out over email, IM, or social media.
-Keep an eye on your removable drives (like USB or flash drives). Remind your staff to know what data is on them if they are taking them out of the building. Better yet, encrypt them: a lost encrypted drive is a lost drive, while a lost unencrypted drive is a data breach.
-Whoever is responsible for rotating backups offsite – make sure they understand the importance of their job. The tape shouldn’t be left on the front seat of the car in the Wal-Mart parking lot while they are shopping. Backup tapes hold a complete copy of your data, so the same rule applies to them as to USB drives: encrypt them.
-Most of all – just use good common sense!
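As an added example of the password rule in the list above (this is illustration code written for this post, not a PTG tool or anything from the original article), here is a small check that enforces the stated rule: at least 8 characters with upper case, lower case, digits and symbols. It also rejects the two passwords the post calls out (‘password’, ‘123456’) and close variants like ‘Password1!’ using a blocklist. The blocklist and the sample passwords are constructed for the example; a real deployment would load a much larger list of known-breached passwords.

```python
"""Minimal password-policy check for the rule in the post above.

Added example, not from the original article. The COMMON_PASSWORDS set is a
constructed stand-in for a real breached-password list.
"""

import string

MIN_LENGTH = 8

# Constructed sample blocklist; a real policy would load a large breached list.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "letmein", "welcome",
}


def check_password(password: str, username: str = "") -> list[str]:
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    # Blocklist check is case-insensitive and also strips trailing digits and
    # symbols, so 'Password1!' is caught as a dressed-up 'password'.
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    """True when the password meets every rule in the policy."""
    return not check_password(password, username)


if __name__ == "__main__":
    # Constructed sample inputs; the user name is hypothetical.
    for candidate in ["password", "123456", "Password1!", "Tr0ub4dor&3"]:
        verdict = check_password(candidate, username="jsmith")
        print(f"{candidate!r}: {'OK' if not verdict else ', '.join(verdict)}")
```

Note that the composition check alone would accept ‘Password1!’; it is the blocklist that rejects it. That is the practical lesson of the rule in the post: complexity requirements keep out ‘123456’, but only a common-password list keeps out the passwords people actually pick to satisfy those requirements.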
Of course – if you would like to have a member of the PTG team do a security audit – we are here to help!