Security and Privacy at small and mid-sized businesses: How to get a good
By Kevin Trottier
Executives at small to mid-sized businesses that we have surveyed state that
one of their top technology concerns continues to be security and privacy.
Small to mid-sized businesses store vital data: client files, accounting
records, corporate records, email communications, and more. Failing to back up
this data or keep it secure can ruin a business.
Most small to mid-sized businesses have taken essential steps to consider
security and privacy in all that they do. And still, they wonder if they are
doing the right things. This article highlights the four biggest issues that
small to mid-sized businesses face, and the simple steps they need to take to
address these risks.
Risk #1: Data Backup and Storage. The costs of recreating lost data for
a small to mid-sized business can be huge, both in terms of recovery and the
cost to the firm’s public profile and image. For instance, a firm simply can’t
afford to recreate three months of accounts receivable invoices.
Solution: It is crucial to have real-time, frequent backups and to confirm that
data retrieval processes are working. Manual backups can be less
expensive than automated backups, and equally reliable. At the same time, small
to mid-sized businesses can’t overlook the process of retrieving backups. In
fact, retrieving lost data often proves riskier than storing data in the
first place, and is often overlooked by small to mid-sized businesses
that focus more on data storage. It is essential to test retrieval of stored
data on a regular basis.
Risk #2: Threats from internal sources. In the case of small to
mid-sized businesses, threats from internal sources are often larger than
threats from unknown hackers. We are aware of a number of cases of attempted
fraud. For instance, an employee at one business managed to hack into escrow
holding accounts, as well as private files containing owners' private credit
Solution: Only authorized users should be able to access vital data, a strict
privacy and security policy should be in place, and businesses should be
especially careful when adding and removing employees/users. Of course,
most small to mid-sized businesses have created a network architecture with
unique user names that is password driven. Unfortunately, we have found that
many businesses have become complacent and sloppy with this type of system. For
instance, they share passwords or give each employee/partner the same password.
Even businesses that do follow this system can go further by checking the log
files on the servers and on applications, and by testing network security each
time an employee comes or goes, to ensure that there has been no security
Risk #3: Turnover of in-house technical resources. We have found small
to mid-sized businesses experience turnover of their in-house technical
resources every 12 to 18 months. Most of the time, these “technical” employees
did not create written processes and procedures for security, or kept them
inside their heads. Turnover of staff therefore can lead to decreased attention
to privacy and security, and make a small to mid-sized business vulnerable.
Solution: Small to mid-sized businesses should have a formal, written procedure
and set of standards in place for testing their system for breaches and risks.
They should test their system regularly, and also check log files – especially
during employee transitions. These standards and processes should have a life
independent of any single employee.
Risk #4: Vendors, especially IT vendors. It is a secret in the IT
world that many IT service providers create more security and privacy problems
than they fix. That’s because they may lack good security procedures and, if
they are vulnerable to hacking, so are their clients. Any vendor that connects
to your systems can make you vulnerable to hackers.
Solution: Small to mid-sized businesses should screen all vendors, and
especially IT vendors, to ensure that they have a secure infrastructure.
Ask them how they connect to your computers in order to maintain security.
Request their written policies and procedures about how they govern security
and privacy. Find out how your security might be compromised if someone breaks
into their system. Ask about how they recruit and screen their employees.
Conclusion: Don’t get complacent
The solutions to privacy and security issues are technically straightforward.
What is often lacking is a proactive, consistent approach to ensuring that
security remains strong. In addition, it is challenging to find the right
resources to be truly accountable for security and privacy. Due to turnover and
other demands on their job, in-house technical resources are often not ideal
candidates to handle these vital issues. Conflicting demands on their time can
lead to the appearance of security without actual compliance (e.g. passwords
that people share; lack of written procedures and standards). When they leave,
small to mid-sized businesses are vulnerable, often for some time. Meanwhile,
many IT vendors lack the infrastructure and expertise to adequately secure
small to mid-sized businesses' vital data and applications.
Small to mid-sized businesses must stay on top of security and privacy issues,
and be sure that they follow a consistent set of policies and procedures.
Kevin Trottier is the co-founder and principal of Twist Solutions, LP. Twist is
a Dallas, Texas based company specializing in computer system and network
management services. Kevin can be reached via contact us.