ITWales.com
How safe is your business online?
by Tony Neate
Internet crime can seriously damage your business. Trust me, I've seen it happen. I've been a police officer for thirty years and for the last five, I have worked for the National High Tech Crime Unit, now part of SOCA, and Get Safe Online. Let me
give you some examples from businesses that, for obvious reasons, prefer to remain anonymous.
Take a medium-sized accountancy firm. Their website was hacked and used to send out millions of spam emails. As a result, the company hosting it took it offline for a week while they spent
sleepless nights trying to fix the problem. No website, no new business.
What about the manufacturing company where a disgruntled employee quit and took a copy of their customer and prospect database to a competitor on a memory stick? Or the software developer
whose email server crashed when it was overloaded with viruses? They lost five years' worth of emails in a single night.
Then there are the tens of thousands of laptops that are lost or stolen each year. Each one opens a door into your network and gives data to criminals that could be worth much more than the
replacement cost of the computer.
No sane boss wants these things to happen to his or her business. This isn't a geeky question of technology or some vague threat. According to the DTI's Security Breaches survey this year, 62 per
cent of all businesses experienced some kind of IT security problem. Protecting yourself online is just good business.
Four key questions
If you want to know how safe your business is, there are a few simple questions you should ask yourself. These aren't technology questions; they are board level business issues.
- What are you trying to protect? Typically, this includes sensitive data like customer records and sales information, or your ability to trade online or keep your website available, but don't
forget intangibles like your time, your company's reputation and staff morale.
- Where are the risks? You might think viruses and hackers from outside the business are the biggest problem. You cannot ignore them, but you should pay at least as much attention to
insider threats such as data theft.
- Who is responsible for IT security? What is our budget? Is the level of responsibility and resources in line with the risks? (Compare the amount you spend on insurance each year, for
example.)
- What are we doing about it? Do we have a plan? Do we have the right software? Does it cover everything? Do we have the right staff policies and training to cover the risks?
Business security checklist
The good news is that an ounce of prevention is worth a pound of cure. Here is a brief checklist of the things you should be doing right now to protect your business. This is standard stuff and there are
lots of people who can help you fill in any gaps in your protection. It's not difficult but you need to tick all the boxes to get good multi-layered protection.
- Get advice and help - Figure out what you can do yourself and where you need help.
- Physical security - The easiest way to disrupt your business is to steal a server or a PC. Make it more difficult for thieves with alarms, window locks etc.
- Backup - Make sure your critical data is regularly backed up and stored safely offsite.
- Access control - Give staff access to sensitive information on a need-to-know basis according to their role in the company. This limits, but doesn't eliminate, the risk of data theft and
sabotage.
- Staff training and policies - Staff behaviour is a security risk and can be a source of protection. Help your staff to understand what they can and can't do online and how they must be careful
to protect the company (and their jobs) from online threats. You can't stop people being malevolent through training but you can stop them being ignorant.
- Protection software - You need anti-virus, anti-spyware, firewalls, spam filters and regular software updates. Most people think that software is all you need, but it is only part of the
solution.
- Secure your website - The more dependent your business is on your company website (for example, the more you sell online), the more attention you need to pay to making sure hackers
can't break it.
Where to get more advice
For more information visit the Get Safe Online website. There's a whole section there on protecting your business with lots of practical,
easy-to-follow advice. We don't have anything to sell so we're independent and objective. We also have a blog which will keep you
updated with the latest threats and news.
My final bit of advice: a good plan today is better than a perfect plan tomorrow. Don't put off checking your security - do something about it today.
About the Author
Tony Neate was a police officer for thirty years, the last five of which were spent at the National High Tech Crime Unit, before taking on the role of managing
director of Get Safe Online. The organisation helps individuals and small businesses protect themselves against internet threats such as viruses, spam, spyware and online fraud.
The site has been created by HM Government and leading businesses working together to provide a free, public service. It is a one-stop-shop for independent expert advice.