
10 IT security risks that small businesses can't afford to ignore

Ellen Messmer | May 29, 2014
While small- to midsized businesses (SMB) don't have the luxury of information security teams and resources that large enterprises can afford, they still face many of the same threats.

8. The era of smartphones and tablets is here, and it's disruptive. Whether or not your business has begun a transition to smartphones or tablets, recognize that they represent new operating system platforms with different security requirements and different methods of updating and control than older PCs and laptops. Though the mobile-device marketplace changes fast, business and IT managers alike should be strategizing on the management and security options, and that includes "Bring Your Own Device" situations where employees are allowed to use their own smartphones and tablets for business. It will mean balancing the security needs of the business with the personal data usage of the individual, who, after all, owns the device.

At the very least, BYOD raises legal questions, since business data is no longer held on a device issued directly by the business. Mobile-device management software is often considered, along with the question of whether to move to so-called "containerization" options for data segmentation. If it's any comfort, the big companies are all struggling with questions like these as part of the mobility revolution. There are no pat answers.

9. Don't forget physical access in all this. There should be a way to prevent unauthorized individuals from getting near business computer resources. That might mean the cleaning crews at night as well. Challenge unexpected visitors in a polite but determined way.

10. Though the business may be small, think big. Focus on policy. That means devising an employee acceptable-use policy that clearly defines how employees are expected to behave online and how data is to be shared and restricted. Have them read and sign it, making it clear if there's monitoring of online activities. There should be possible penalties for non-compliance. But just clamping down on employees is not usually a way to encourage the kind of creative thinking and productivity that businesses need in a world where online communications are critical. The challenge is finding the right balance.

 
