5-step security compliance for SMBs

What is security compliance?

Being security compliant means your IT protocols follow prevailing local and international industry standards and adhere to any laws that apply in your locality.

For example, if you record your customers’ personal and/or financial details, you must adhere to local laws on the privacy and security of personal information. There are also global standards, such as the ISO/IEC 27000 family, that relate to the security of information management systems and are considered best practice.

These standards are there to help organisations keep their information assets secure. Your business could be subject to fines or worse if you don’t act to adequately protect your data assets.

SMBs are at risk

The real impact of a data security breach is economic, and it is felt most acutely by SMBs, which often don’t have the human and financial resources to deal with it. In fact, around 71 per cent of security breaches target small businesses and 60 per cent of small businesses that experience a cyberattack end up shutting down.

The evolving nature of cybercrime also makes IT security a challenge for smaller organisations to keep up with.

Never say ‘never’

Many large-scale companies have been victims of hackers, including Yahoo, Sony and internet infrastructure company Cloudflare. But when it comes to IT security, never assume your business is small enough to slip under the radar. Cybercriminals don’t discriminate.

Five-step security compliance checklist

Follow these five steps to ensure your security protocols are compliant:

Set up security protocol

If you don’t already have a security protocol, then create one straightaway and implement it.

Back up data regularly

Regularly back up all your data and store it securely, preferably off-site and in the cloud.

Patch up operating systems

Patch all your applications and, in particular, your operating systems, which hackers often use to target vulnerable computer networks.

Whitelist applications

Whitelist applications, meaning only approved software can run on your networks.

Manage admin privileges

Manage your administrative privileges carefully so only your IT team can install software and security patches.
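The four technical steps above (backups, patching, whitelisting and admin privileges) can be checked against an asset inventory. The following is an added example, not part of the original article; the host records, software and account names, and the 7-day and 30-day thresholds are constructed assumptions.

```python
from datetime import date

# Assumed thresholds for this example; the checklist itself sets none.
MAX_BACKUP_AGE_DAYS = 7
MAX_PATCH_AGE_DAYS = 30

def audit_host(host, approved_software, it_admins, today):
    """Return the checklist findings for one host record (empty list = compliant)."""
    findings = []
    # Step 2: a recent backup must exist and be stored off-site.
    backup = host.get("last_backup")
    if backup is None or (today - backup).days > MAX_BACKUP_AGE_DAYS:
        findings.append("backup: missing or stale")
    elif not host.get("backup_offsite", False):
        findings.append("backup: not stored off-site")
    # Step 3: the operating system must have been patched recently.
    patched = host.get("last_os_patch")
    if patched is None or (today - patched).days > MAX_PATCH_AGE_DAYS:
        findings.append("patching: operating system out of date")
    # Step 4: default deny, so anything not on the approved list is a finding.
    for name in sorted(set(host.get("installed", [])) - approved_software):
        findings.append(f"whitelist: unapproved software '{name}'")
    # Step 5: only IT team accounts may hold administrative rights.
    for user in sorted(set(host.get("local_admins", [])) - it_admins):
        findings.append(f"privileges: '{user}' has admin rights outside the IT team")
    return findings

def audit_fleet(hosts, approved_software, it_admins, today):
    """Audit every host and return only those with at least one finding."""
    report = {h["name"]: audit_host(h, approved_software, it_admins, today) for h in hosts}
    return {name: found for name, found in report.items() if found}

# Constructed sample inventory (not real data).
TODAY = date(2024, 6, 1)
APPROVED = {"office-suite", "browser", "accounting"}
IT_ADMINS = {"it-alice"}
HOSTS = [
    {"name": "frontdesk-pc", "last_backup": date(2024, 5, 30), "backup_offsite": True,
     "last_os_patch": date(2024, 5, 20), "installed": ["browser", "office-suite"],
     "local_admins": ["it-alice"]},
    {"name": "sales-laptop", "last_backup": date(2024, 4, 1), "backup_offsite": True,
     "last_os_patch": date(2024, 2, 10), "installed": ["browser", "torrent-client"],
     "local_admins": ["it-alice", "bob"]},
]

if __name__ == "__main__":
    for name, found in audit_fleet(HOSTS, APPROVED, IT_ADMINS, TODAY).items():
        print(name, *found, sep="\n  ")
```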

In terms of prioritising your resources, the trick is to strike a balance and focus on protecting your business against security issues that come with the most financial risk.

As a business owner, it’s your responsibility to identify threats to your organisation and take the necessary steps to ensure you’re security compliant. And think of it this way: ultimately, preventing security breaches will cost less than fixing one.


3 steps for mobile data security


There are three broad security risks facing mobile devices and their data:

  • Accidental physical loss or destruction
  • Inadvertent data disclosure
  • Deliberate security breaches or data theft

While each type of loss has unique qualities, there are key techniques and technologies that guard against all three.

Physical loss is one of the most common sources of privacy violation. Mobile phones, laptop computers, and USB drives can all go missing, whether temporarily misplaced or permanently lost. The solutions below can’t prevent these kinds of loss, but they can certainly minimize any damage that results.

Encryption

If no one can read the information on a lost or stolen device without authorization, losing that device is an inconvenience rather than a disaster.

File-level encryption selectively protects the files designated as critical or private, but modern computers, tablets, and smartphones have processors powerful enough to make disk-level encryption a better, simpler and more thorough solution.

Best of all, most modern operating systems (such as Windows 10 and Mac OS X) include strong encryption capabilities.

Mobile device management

Mobile device management (MDM) solutions are a necessity for any well-managed mobile device fleet.

MDM has developed to a point far beyond Microsoft’s 1996 ActiveSync technology (which allowed companies to bring mobile devices into the corporate fold). MDM can now keep personal data separate from corporate data, enforce rules on which services can be used on mobile devices, manage encryption, and much more.

One of the more important of those ‘much mores’ is applying defenses against mobile malware. This includes ‘remote wipe’ capabilities for compromised devices, and enforcing policies that prevent user behavior that is likely to make the device vulnerable. While MDM packages can be expensive to implement, the price pales in comparison to the harm that could be done to clients, not to mention the financial and reputational damage that could result from a breach.

Training

Most professionals don’t want to break rules or put information at risk, but when on the job their focus is rightly on their clients, not on best-practice data security procedures.

Continuous training on how to manage mobile devices will help make good habits second nature. This should include caring for mobile devices, and strong protocols around sharing the data. Technology tools, from proxy servers to MDM solutions that enforce good policies, will go even farther in protecting data and satisfying regulators.

Mobile devices are, of course, only one part of any organization’s IT infrastructure, but they make up a portion of that infrastructure that is increasing in size and importance.

If you’re looking for a ‘Key 0’ to make sure your storage is as safe as possible, here it is: Stop thinking that mobile devices are a small, unimportant part of your IT scheme. Put mobile first and it will pay off in reduced data loss from mobile storage devices and the professionals who use them.


Set your creativity free with analytics


Using analytics to rebuild the enterprise and set human creativity free

‘Analytics’ is a term that gets thrown around a lot when we’re talking about data and online services. But really, it just refers to the discovery of patterns and connections in data. That means all of us are, in some sense, data analysts. If you’ve ever looked at a spreadsheet or accounting report for your business and tried to figure out where you’re making and losing money, you’ve ‘done’ analytics.

Of course, modern technology has made analytics more powerful and extensive than the small business owner poring over a spreadsheet could ever be. The field itself is ever-evolving and its techniques are becoming ever more sophisticated.

From describing to prescribing

Descriptive analytics was the starting point: looking at data to determine what happened. The next step was the development of prescriptive analytics: looking at data to determine what should happen, based on past data patterns and emerging trends.

This development was important because it gave business owners a new way to forecast their business’s future; they could make plans based on data, rather than their ‘gut feeling’ or best guess.

If a computer system can predict what is likely to happen, and has been given information on what business management wants to happen, the next step is to provide the analytics system with the ability to tell management how to tweak inputs to get from the predicted future to the desired future.

The next big step in data analytics

Industry analysts see several possibilities for this next step. The first involves analytics systems being used to advise management. This is the traditional role of the IT system, but in the high-speed world of modern business it might not be fast enough to react to changing circumstances.

The second step is to adopt the analytics system’s prescribed actions to be the organization’s default decision maker, which is only to be overridden in the most extreme circumstances. And that leads to the third form: using the analytics system to feed commands directly into an organization’s process control and resource planning systems.

What happens to us humans?

The goal is to remove fallible humans from data-driven processes, maximizing their efficiency and reducing the costs associated with human operators and analysts.

More important, it allows businesses to free their staff from data handling, so they can concentrate on their highest-value contribution: their ideas. If team members can spend their time building relationships, researching and creating new product and service ideas, and creating a strong and transparent business culture, then (in theory at least) the organization should prosper.

Such an arrangement is already feasible. Major enterprise software companies are already demonstrating the integration of analytics and ERP required to take human managers out of the loop. While it sounds frightening to many, this merely brings to manufacturing and other types of enterprise the sort of automated business activity that financial services have already embraced in their trading operations. Prescriptive analytics will become a competitive advantage for the companies that embrace it; the real question is how quickly IT departments can be ready, and how eagerly team members embrace their new, more creative roles.