17 May Checklist: Information security in small businesses
It is known that security is fundamental, regardless of size or business segment, however, it is common for small businesses to find obstacles in security projects, and sometimes because they judge it to be a high investment and others to think that security features are not applicable in the enterprise environment.
The difficulty of identifying the need is attributed to the fact that security is still very much associated with the pillar of protecting information against attacks, evasions and the like; so, small companies have greater difficulty in realizing value in preventing these occurrences, and often fail to make the investment tangible/viable.
If you have difficulty justifying investments in information security, we suggest the use of two materials that substantially facilitate the feasibility analysis. The first one is called Productivity Calculator, where you can measure how much the misuse of the internet in your company and the blog post How much is the misuse of the internet for your company?, where we help you to glimpse items to be used in the process of making feasible security projects.
In situations where the company does not attach high value to information, it is important to remember that security solutions address other needs that are apparent in any business that has a minimal administrative structure with some computers. We can especially cite the productivity and availability of the internet.
So, from now on, if you have a smaller business or are in a segment seemingly little mature for security, think not only of information theft, but also of increasing the productivity and availability of the internet for your business.
We have prepared an 11-step checklist to assist in the implementation of security solutions in small businesses, or even in larger businesses, but which have little maturity or awareness of the importance of security.
- Hire a good security provider to assist you throughout the process, although this is not mandatory, having the experience will certainly enhance your success;
- Always use legitimate software, this will give you access to constant updates and avoid malicious code that can expose your environment;
- Use an antivirus that has a good reputation (you can visit av-comparatives.orgto see a list) and keep it up-to-date on your devices;
- Use a corporative firewallthat is easy to manage and has excellent support, which allows you to manage Internet access, to automatically check for more than one internet link, which provides monitoring reports on internet usage and related facilities;
- Create minimal guidelines on how you would like the internet to be used, prioritizing certain websites or internet applications, controlling some content in business hours, among other similar facilities;
- Verify based on the minimum guidelines how the deployment will be performed, whether it will be for the entire enterprise, whether policies will be flexible by groups and users, and other facilities;
- Parametrize how reports should be sent to your e-mail or managers’; this greatly facilitates the process of monitoring the structure, with summary information and of interest;
- Use secure remote access with VPN if you need access to data/systems outside the corporate network;
- Create a basic employee engagement term by accepting internet usage or safety guidelines, clarifying purposes and increasing engagement;
- If you offer wireless network to visitors, check the possibility of implementing Captive Portal, allowing secure access to users;
- Ask for basic solution operation training so that you are aware of and perform simple configuration maintenance tasks, minimizing reliance on the vendor.