While information security attacks against multinational corporations and governments get the most press, over a third of all targeted attacks are focused on small businesses with under 250 employees. While it is easy to get caught up in the media’s coverage of the latest big attack, it’s important to focus on strong security basics.
The first step to strong security is to identify what information is valuable to your organization. While this may seem obvious, it is important to take a comprehensive inventory of the data your organization is responsible for. Contracts, patents, financial documents, and other similar items are easily identifiable, but others, such as customer information, employee emails, and websites, may not be as obvious. Be sure to include information that is not necessarily digitized – just because confidential files are in paper form does not mean they should be exempt from good security practices!
Location, Location, Location
Once you know what you are trying to protect, it is time to determine where the information currently resides. Location refers to both the digital side (the folder where files are stored and the server where that folder resides) and the physical side (the actual location of that server). Physical security is often overlooked, but an attacker with physical access to a device can bypass even the strongest security measures. Having a good relationship with your IT team and dealing with faces you recognize can help immensely with managing physical security. 2K not only focuses on strong client relationships; you can also look up the names and faces of every team member on the 2K Team page here on our site!
Data rarely stays in one place in our interconnected world, and it is important to examine how your important information is accessed and communicated. The weak link in the chain of security is more likely to be an open Wi-Fi network or confidential documents on a USB drive than the hacker you see in the movies infiltrating your servers.
Common sense is one of the most important components of good security practices. While in-depth security training isn’t necessary for most business owners and their employees, it is important to be aware that care must be taken when dealing with valuable company data. Attackers are more likely to target your employees with social engineering (for example, posing as a client and asking for a password reset) than to try to brute-force their way to your data.
While information security is a complicated field, it is important to start with the basics: what data is important, where it is, and how it’s transmitted. 2K Networks would be happy to help you with this process, and you can request a free on-site network analysis.
Standards / Best Practices
* NISTIR 7621 Small Business Information Security
* ISO/IEC 27001