How to protect your business information

Louise Bennett
Bennett says it's more down to planning than spending

The biggest information security problem for small businesses is coping with the complexity of their systems when they have no-one with the specialist knowledge on how to protect the data, and maybe no IT specialist at all.

Louise Bennett, Chair of the Information Security Specialist Group at the Chartered Institute for IT (BCS), says it's a significant problem. There are sources of information on the web for dealing with most issues, and there's always the option of hiring a consultant, but any firm that wants to keep its sensitive data secure needs a basic level of understanding in-house.

There is evidence that small firms are suffering; in April the Department for Business and Skills (BIS) published the annual Information Security Breaches Survey, showing that 87% of small companies had suffered a breach in the previous year, with the median number rising from 11 to 17.

Bennett says she thinks it's realistic for a small firm to develop the understanding to place itself in the minority that are not affected.

Obvious questions

"It's perfectly reasonable to sit down and ask yourself the obvious questions," she says. "First, is my business going to be adversely affected if I lose my IT assets, or my internet goes down or whatever?

"For some businesses it may not cause a problem, but you're very likely to be using the internet to source goods and pay. There's reliable research that shows that for businesses in which information is an important part of their business, if their IT goes down for more than a week then a significant number will go out of business.

"I think every small business is capable doing that kind of risk assessment, asking how much does that mean for me, and showing that you do understand that part of it well enough, and if you don't that you get help."

The first step should be to assess the risks to the business if different types of data are lost, stolen or become inaccessible through IT faults. Bennett says the Institute of Directors provides helpful information on risk management and security for small businesses, and the Information Commissioner's Office provides guidance on data protection issues.

Straightforward technology

The technology side is pretty straightforward, even if a lot of small businesses don't pay sufficient attention.

"When you buy your computer system you should buy a good quality security product and keep it up to date," she says. "If you collect personal data or have any intellectual property to protect, you need to do some basic encryption, and that can be done reasonably easily and sensibly."

Sometimes the free versions of anti-virus or anti-spyware can do the job, but she says that for most purposes it is necessary to invest in higher level tools that offer more thorough protection.

The BCS recently issued tips on IT security in the form a free guide covering 10 areas: perimeter security; physical security; access authentication; privilege management; online trading; social networking; mobile computing and communications; vulnerable groups; compliance with confidentiality laws; and evidence gathering.

Bennett says that two of the stand outs reflect the points already made about risk assessments and security software, with the third being to ensure that any mobile access to a business is properly secured.

Escrow for e-business

There is another step relevant to e-business she would like to see that isn't often an option in the UK; using escrow accounts to ensure that both sides are good for a transaction.

"It isn't widely used in this country yet it's a very sensible thing to do, particularly when you're starting to have a relationship," she says. "To ensure that you receive that payment and all is well it's quite sensible to ask for it to be put into escrow."

She has suggested that BIS sets itself up as a trusted third party in sponsoring escrow agreements to help smaller firms deal with overseas customers more securely. At the moment it's an idea that seems some way from fruition.

There's also a question of how much money a company needs to spend to ensure it is safe. It is sometimes claimed that IT security is a cost that has to be balanced against the relevant risk.

Bennett says there's no clear relationship here, and that it's all very specific to the context – some firms operate in markets where their data is more attractive to cyber criminals. But she asserts that in most cases it's more about planning than spending.

"The vast majority of it comes down to planning, thinking things through, understanding from your business model where you've got risks," she says. "You don't necessarily have to spend a fortune on it, you do the sensible things.

"But if it's getting to an area that you don't understand then you need to spend some money to get help and advice."

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead