
SMBs should take security more seriously

02 Jul 10

AVG has sent along some tips on protecting small and medium-sized businesses from online threats, as well as some simple guidelines on developing an IT security policy.

While big corporates have all the IT security and usage policies they could ever need, AVG reckons that the smaller businesses among us have no policies in place.

Lloyd Borrett, Security Evangelist at AVG, said, “Do all users have guidelines for distribution of inappropriate content? Do all users know when their Anti-Virus, Anti-Spyware and Firewall settings need to be updated? Do all users know what the company policy is regarding the use of personal devices from PDAs and smartphones to USB sticks and media players on company premises with company equipment?”

If your answer’s no, then take a look at these steps to protect yourself:

Security Policy



  • Decide whether computers, laptops and software are to be supplied by your company, or by your staff – and reflect these decisions in your policies, purchasing and processes.


  • Document a simple acceptable-use policy for any computer that is used for company business or media that is used to store or transport company data.


  • Create an acceptable password-strength policy and ensure that all computers and other IT equipment are password protected.


  • Require that all security incidents are promptly reported to a business stakeholder and managed.

Technology



  • Ensure all operating systems, software utilities and application software are updated with the latest security patches as they are developed – preferably using automatic update technology.


  • Ensure all computers have an up-to-date, business-quality security software suite on them.


  • Every computer should have its own firewall software, in addition to any premises-based network firewall you may be running.


  • If managing your own file storage and email servers, ensure these are also running up-to-date, business-quality security software.

Process



  • Ensure all staff receive basic online security training and instruction in your policies.


  • Ensure regular backups are taken of all company files, data, email and other systems.


  • Change all passwords regularly, especially when an employee or contractor leaves the company, and in particular change administrator passwords or shared passwords to centralised networks or systems.

How seriously does your company take IT security?
