5 Information Security Tips for SMEs

Protect Your Business, Regardless of its Size

When starting a business, information security isn’t usually at the forefront of your mind. After all, you’re now in charge of other people’s salaries, paying taxes, and trying to make a profit. However, the last thing you want to happen is for your company to be hacked. Being a victim of cyber-attacks can lead to the theft of sensitive data from your customers and staff, as well as financial losses for your company.

Cyber security can have a reputation for being expensive and requiring an IT department to manage all the additional work it entails. But protecting your business doesn’t have to be expensive. In this article, we are going to share 5 top tips to keep your small business’s data assets safe.

The sooner you implement a security system, the easier it will be to keep your business safe. However, it’s never too late to get started, so if you haven’t already, this is your sign to!

Tip 1: Keep Software Up to Date

We’re all guilty of having hit the ‘Remind Me Later’ option at some point on our laptops or desktops. Advising that you keep software up to date may sound incredibly simple, but you would be surprised by how many people don’t update their devices whatsoever.

There are all sorts of risks if you don’t update software: bugs, incompatibilities, and the risk of data breaches, to name a few. So, what can you do as a business owner to make sure that all company devices are fully up to date?

For devices that multiple people have access to, it’s a good idea to do a technology audit and make sure that everything is as up-to-date as possible.

You can turn on automatic updates on company devices. This is the best way to ensure that updates are actually installed.

Tip 2: Steer Clear of Public Wi-Fi

So, you’ve switched up your working environment. Starbucks may seem like a great place to get some work done away from the hustle and bustle of the office, and that caramel frappe is a great incentive to work from there. But connecting to the Wi-Fi there is bad news.

Don’t allow your employees to access anything on your work network whilst using public Wi-Fi without using a VPN (virtual private network). You may actually want to take this a step further and insist on no access to public Wi-Fi networks on company devices (sorry, Starbucks…).

Public Wi-Fi networks are a hacker’s playground and can be incredibly dangerous, even for highly protected devices. Such networks are often found in airports, cafes, and even communal working areas. They should be used as a last resort, but are best avoided altogether.

Tip 3: Use a Password Management Tool

A password management tool is used for storing and managing a user’s passwords for multiple accounts. With the help of a master password, password managers store passwords in encrypted form and give secure access to all password information. There are many different types of password managers out there, each with its own encryption method, storage type, and additional functionality. Our personal favourite is LastPass, which has a free option and is, of course, cost-friendly for small businesses.

Tip 4: Back Up Your Data Regularly

The majority of ransomware attacks lock you out of your computer and refuse to let you back in unless you pay a large sum of money. If you haven’t backed up your data, then you’ll likely never be able to access it again.

If you back up your data online, or in the cloud, you should be able to wipe your device to remove the ransomware and then download all your data again. By doing this, you won’t have to pay any money to hackers. You’re also more likely to be able to get your business back up and running sooner.

It’s critical that you back up your data not just on your computer, but also online or on an external device that isn’t linked to the internet.

How often should you back up your data? This depends on the kind of business you run, but your best bet is to get staff to back their computers up at least once a day. Most businesses can get away with backing up once a week, and additionally after any important work has been done.

Tip 5: Implement ISO 27001

ISO 27001 is the internationally recognised standard for information security management systems. ISO stands for the International Standardisation Organisation and is the organisation responsible for publishing the standards. Such standards exist to ensure good information security practices, good health and safety, and more.

Benefits include:

  • Win new business and sharpen your competitive edge.
  • Avoid financial penalties and losses associated with data breaches.
  • Protect and enhance your reputation.
  • Comply with business, legal, contractual, and regulatory requirements.
  • Improve company structure and focus.

Need Information Security Management Support?

Candy Management Consultants are a friendly team of experts that consult on ISO certification and Health and Safety. Our mission is to streamline your compliance processes to match specific ISO standards or Health and Safety systems with your business’s day-to-day operations.

We offer consultancy on ISO 27001 and are here to advise and answer your questions.
