New Year resolutions for the security-conscious small business

What would a new year be without a list of suggested resolutions? On top of vowing to go to the gym three times a week and never smoke again, you will want to check out these three resolutions for security-conscious small businesses. They may be more achievable than the healthy goals!

Tackle password management

Even though we now have card readers, RSA tokens and biometrics, generally speaking, the de facto way of securing anything involves a password – either on its own or as part of two-factor authentication. In these days of heightened security awareness, we’re now expected to create and manage multiple passwords just to be able to go about our daily business at a basic level, and we’re expected to change them regularly too.

Let’s get real about this: without the help of a password manager, most of us have some kind of “password strategy”, which involves using variations of the same password (or at best a small group of passwords). This makes things memorable but is far from ideal from a security perspective, because once one variation is exposed the others are easy to guess. Make 2019 the year you tackle password management: take a serious look at spending some money on password-management software for you and your staff, and firm up your passwords into something genuinely hard to crack.

Secure your mobile devices

First of all, you need to know all the devices that are allowed onto your corporate network, especially if you’re running a “bring your own device” policy, which gives employees a certain degree of flexibility to choose their own equipment.

If you don’t yet know which devices these are, then you need to tackle this as a top priority. With this done, you then need to undertake a security audit of the mobile devices used in your organisation. In fact, make a resolution to do this (at least) once a year. There are three key points to check:

  1. All mobile devices must have security software installed
  2. All mobile devices must only run trustworthy apps
  3. All apps on all mobile devices should have security-friendly settings

NB: While we’ve been talking about mobile devices, pretty much the same comments apply to any smart device, meaning anything which can connect to the internet and/or be controlled remotely.

They come in all kinds of shapes and sizes (literally) and can serve all kinds of different functions, so it can be dangerously easy for them to slip into your organisation without anybody realising their significance until it is too late and they have played a role in a security breach.

Review your overall security

You can have a brilliant IT security system in place, but it’s not going to do you a lot of good if an innocent employee holds a door open for a thief to walk into your office and walk out with your equipment or your passwords.

Commit to reviewing your physical security and to refreshing training for your employees to remind them of your IT policy and of the importance of adhering to it. While you’re at it, make sure nobody has their password on a post-it note underneath their computer keyboard or written on a whiteboard in the office.