A recent article in the IT Security Press reports that SMEs (Small and Medium Sized Enterprises) are becoming much more aware of the threats to their IT security (InfoSecurity Magazine, September/October 2010).
The article quotes a survey carried out early this year by PwC which found that a staggering 74% of smaller companies had suffered an information security attack sometime in the past. It’s not surprising, therefore, that small business leaders have had to wise up.
However, it’s not all good news. Whilst most small businesses have locked down their systems to prevent attack from external threats such as viruses and spyware, they are perhaps less organised when it comes to preventing loss of data from the inside. Data loss or corruption is a real threat to the operation of even the smallest business these days and it takes just one disgruntled employee with the right access levels to do untold damage – or one misguided employee to reveal system access details (username and password) to a clever hacker using social engineering techniques.
The answer lies in not just setting good policies, but in ensuring that your team members both understand and implement them. Limit access to sensitive data to those who really need to know, control the use of portable media devices such as laptops and USB datasticks, train staff on the safe use of the internet.