Story image

SMBs should take security more seriously

02 Jul 10

AVG has sent along some tips to protecting small and medium sized businesses from online threats as well as offering up some simple guidelines on developing an IT security policy.

While big corporate have all the IT security and usage policies they could ever need, AVG reckons that the smaller businesses among us have no policies in place.

Lloyd Borrett, Security Evangelist at AVG, said, “Do all users have guidelines for distribution of inappropriate content? Do all users know when their Anti-Virus, Anti-Spyware and Firewall settings need to be updated? Do all users know what the company policy is regarding the use of personal devices from PDAs and smartphones to USB sticks and media players on company premises with company equipment?”

If your answer’s no, then take a look at these steps to protecting yourself:

Security Policy



  • Decide whether computers, laptops and software are to be supplied by your company, or by your staff – and reflect these decisions in your policies, purchasing and processes.


  • Document a simple acceptable-use policy for any computer that is used for company business or media that is used to store or transport company data.


  • Create an acceptable password-strength policy and ensure that all computers and other IT equipment are password protected.


  • Require that all security incidents are promptly reported and managed to a business stakeholder.

Technology



  • Ensure all operating systems, software utilities and application software are updated with the latest security patches as they are developed – preferably using automatic update technology.


  • Ensure all computers have an up-to-date, business quality security software suite on them.


  • Every computer should have its own firewall software, in addition to any premises-based network firewall you may be running.


  • If managing your own file storage and email servers, ensure these are also running up-to-date, business quality security software.
 

Process



  • Ensure all staff receive basic online security training and instruction in your policies.


  • Ensure regular backups are taken of all company files, data, email and other systems.


  • Change all passwords regularly, especially when an employee or contractor leaves the company, and in particular change administrator passwords or shared passwords to centralised networks or systems.

How serious does your company take IT security?

Pic

Virtustream launches cloud automation and security capabilities
Virtustream Enterprise Cloud enhancements accelerate time-to-value for enterprises moving mission critical apps to the cloud.
Digital Realty nabs new executive appointment from Equinix
Keep your friends close and your enemies closer could be the game plan that Digital Realty is currently following.
CSPs ‘not capable enough’ to meet 5G demands of end-users
A new study from Gartner produced some startling findings, including the lack of readiness of communications service providers (CSPs).
Atos launches new French data centre – more modules to come
Atos together with the Yvelines departmental Council has officially launched its new data centre in Les Clayes-sous-Bois, Yvelines.
EU cloud adoption rising, but still far from mainstream
Cloud adoption is surging among some European Union (EU) nations but it still has a way to go to becoming commonplace across the board
Industry cloud market forecast for ‘unusual’ growth
The market for industry cloud solutions is in good stead with that growth showing little signs of slowing.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.