Tech Tips

Data security checklist for SMBs

security checklist

As governments around the world introduce data privacy legislation, small to medium businesses (SMBs) are expected to keep up. Data protection is no longer simply a matter of good practice. It is a legal obligation to protect data, the most valuable new currency in the digital economy by having a security checklist.

For SMB owners, a failure to meet the expectation of consumers to safeguard their data can be legally and financially devastating – not to mention damaging to their corporate reputation. Data is now recognized as a significant asset to businesses, and a breach could seriously affect its competitiveness.

The legislation is now capturing a greater range of IT practices in business – and since businesses increasingly operate across borders, it is important to develop an understanding of the key laws. The EU’s GDPR, Australia’s NDB scheme and US laws all lay out various compliance requirements and prioritize the protection of consumer data and the responsibility to notify authorities of breaches. Here are some tips to help ensure your data remains private and protected.

  1. Compliance is key

SMB owners are no strangers to compliance. To adhere to evolving data legislation, owners need to recognize and understand their data reporting requirements. Starting from the beginning to identify what it is needed to be compliant now will more effectively prepare businesses for the evolving digital future. It may be time-consuming, but businesses need to manage their IT systems effectively to identify any areas that could be compromised.

  1. Data is an asset, not an overhead

Businesses are encouraged to change their perception of data. Understanding data as an asset that directly affects strategic decisions is critical to any 21st century business’s growth. Developing a data strategy will enable businesses to evolve, rather than be stunted by poor data management – especially as they grow.

  1. Develop a data strategy

Developing a data strategy helps businesses clarify when, where and how data is being processed, managed, stored and erased. After understanding the requirements for your business, develop a data strategy that manages personal data and prioritizes its security. Importantly, ensure your staff are aware of their responsibilities concerning data protection.

A sound data strategy will place SMBs in the best position to respond to data breaches and ensure they meet legal obligations. The more efficiently a breach is dealt with, the less harm to the consumer, the less costs incurred and, consequently, the less damage to the reputation of the business.

  1. Prioritize security

By now, the message is clear that businesses should prioritize security in their data strategy. Data theft is a crime, but legislation expects a business to have implemented data protection measures. Run an IT audit. Be aware of what hardware and software is in use, ensure security software – like encryption, antivirus apps and virtual private network solutions – are current and set notifications for renewals.

  1. Get the necessary support

Organizing the current data load while watching the horizon for future privacy requirements can seem daunting. Don’t have the expertise? A third-party provider can assess and manage personally identifiable information (PII) you hold and advise on future data management, control and processing. Consider legal advice or an IT company committed to data security.

Prioritizing data privacy is integral to maintaining consumer trust. A proactive approach will give SMBs the ability to adapt and evolve to ever-changing legislation in the modern technological world.

 

Data privacy training is critical

Data Privacy
Somehow when we think about data security and privacy, we tend to look to technology solutions to minimize risks. And, while technology solutions are certainly part of the privacy equation, there’s another area of risk that must be addressed: people.

Teach the teachers

Staff members, instructors, students, and even parents can all be ‘weak links’ when it comes to protecting sensitive data. Whether through viruses transferred between shared files or email, the sharing of passwords, or willful data theft, the perils of people can’t be overlooked.

But teachers play a crucial role, thanks to the amount of time they spend in the classroom and the on administrative tasks, like grading work, preparing lessons and communicating with parents and faculty. They must, of course, employ good security practices themselves. Then they can, in turn, model those good practices to their students and emphasize their importance to parents.

IT – a big part to play in data privacy training

That’s where the IT team comes in. IT leaders have an opportunity, even a responsibility, to train technology users about the risks that their actions may represent—whether inadvertent or intentional. But as any teacher will tell you, training must be more than a ‘one and done’ exercise. So, make good use of your colleagues’ teaching expertise and, once you’ve figured out what the content of your training must be, get them to help fine-tune how it’ll be delivered.

Ahead of those conversations, here are some best-practice tips for delivering privacy training designed to stick:

  1. Keep it fresh:The cybersecurity threat landscape is always evolving, as new attack vectors are discovered, and new exploits uncovered. This not only requires vigilance on your part, it also requires regular ‘refresher’ training for all users – at least yearly and preferably more frequently.

 

  1. Keep it simple:IT is notorious for jargon and complexity but many of your audience will have little to no understanding of technology, so make sure your lessons and instructions are easily understood and not steeped in data security terminology.

 

  1. Explain the ‘why’:It’s easy to ignore a rule or procedure if you can’t connect it to a larger purpose. You don’t need to get overly technical but explaining why security requires certain practices will help make them ‘stick’.

 

  1. Use examples:Don’t be sensationalistic but use a few simple and preferably local examples of security gone wrong to emphasize that the threats are real. Relate your examples to the ‘why’ behind specific rules or policies.

 

  1. Give feedback:Let your audience know when they’re getting things right and share examples of internal best practices as well as internal breaches as appropriate.

 

  1. Include the parents:Make sure your training includes some communications with the parents, through newsletters, notes and other means. Their behavior is a big influence on your students, so it pays to help them understand cybersecurity too.

Bonus tip: Get user feedback. It’s helpful to know if your instructions and suggestions are clear, if you’re clearly explaining the ‘why’, if there are suggestions on how to improve and so on. Opening the lines of communication between IT and others can help build relationships that boost compliance.

 

5 things to love about virtualization

Virtualization

Virtualizing your IT environment makes it cheaper and easier to deploy new capabilities to your stakeholders. By concentrating your storage and compute on servers (often hosted by a cloud provider), and deploying virtual machines (VMs) to users, you can reduce the cost of your desktop machines, centralize management and deployment, simplify security and governance, and offer new capabilities faster.

Here, then, are five reasons why you should virtualize – and two reasons why you shouldn’t.

1: Reduced cost

Virtualized environments immediately reduce your capital costs, as you’re no longer paying for hardware upfront. Additionally, when you virtualize you’ll reduce the number of servers in your datacenters, reducing power consumption and cooling requirements. In short, you need fewer resources to run your servers and this means lower costs.

2: Increased flexibility

Virtual environments allow you to run multiple operating systems on the same hardware. This can extend the life of legacy applications without the cost and complexity of maintaining ageing hardware. More importantly, it means you can hold onto applications that are custom-programmed or hard to replace without holding back the rest of your IT services.

3: Better continuity

Virtual machine ‘snapshots’ make disaster recovery cheap and easy. So long as you have the right backup technology, you can simply replace a failed instance with the most recent ‘safe’ snapshot’ and resume operations.

Much of this process can be automated and there are advanced options that allow you to redeploy a server on another host machine without incurring downtime. Development and test environments can be cloned from live environments at the push of a button, so you can test without buying extra hardware or interfering with production.

4: Faster scaling

Virtualized environments are simple (and quick) to scale up or down. For example, if a server needs more processing power and memory, you can simply allocate more resources to it – there’s no need to physically add RAM or CPUs, as you would with a physical server.

This means your business can respond in real time to operational needs. Better still, if your cloud infrastructure features consumption-based pricing and is set up to automatically spawn new instances to cope with demand, then you’ll only pay for the processing power and bandwidth that you actually need.

5: Improved automation

Automation is a key feature of virtual environments as it allows your business to respond in real time to changing patterns of use and demand. Provisioning a new server, automating failover and scaling resources is very simple when you use the latest virtualization control panels. Most maintenance tasks can be managed through the console and set up to run by themselves, across any number of instances.

2 reasons NOT to virtualize

  1. Your business isn’t ready for it

If you run a small business or a relatively simple server environment, then you may not need to virtualize. Server virtualization can save you money, but as with any project there are setup costs. There is no point in virtualizing your environment if you can’t pay for the tools and management systems required to support the technology.

  1. Your licenses don’t allow it

Some software licenses simply don’t allow them to be run on virtual machines. You don’t want to be doing anything that breaches your software license agreement so be sure to check your entitlements before you virtualize.

Want to understand how to virtualize your network? Drop us a li