IT security for the SME

Security means different things to different people and even within the IT sector you will probably come across a wide variety of definitions. For the purpose of this article security is defined as the ability to guarantee continuity of business and confidentiality of business data through systematic analysis and management of threats and risk.

When we talk about security we often talk about the AIC Triad; the objective of any security policy is to ensure the availability, confidentiality and integrity of business data. If one of these three principles is compromised the security policy has failed and business continuity is jeopardised. Security threats can come from a variety of sources and as a small business it's easy to become complacent. This article will take a look at some of the common threats small businesses face and how those threats can be mitigated to reduce risk and improve security.

Threats to the small business

  • Loss of data - The biggest threat to businesses of all sizes is loss of data, be that through accidents or mistakes, malicious intent or hardware/software failure. A well set up and maintained IT infrastructure will massively reduce the risk of loss through each of these paths but can never completely rule out data loss. This is why we insist that all of our clients have a suitable offsite backup policy in place.

  • Viruses and Malware - Viruses and malicious programs form one of the most pervasive threats to businesses in the modern age. In 2003 Trend Micro estimated viruses cost businesses $55 billion in damages, up 100% from 2002 [1]. Every business using IT should invest in some form of virus protection and ensure that all their programs are updated with the latest patches.

  • Fire & Disasters - No one wants to think about the worst happening but small businesses, especially those that operate on a single site, are at a far higher risk of losing their business completely in the event of a fire or disaster. It's a sobering fact to realise that after a fire, 70% of businesses will fail within 3 years [2]. Regular backups, stored offsite, and disaster recovery procedures are crucial if a company is to recover from a fire quickly and maintain continuity.

  • Theft - Theft is a twofold problem for all businesses. The loss of IT assets obviously has financial implications but the loss of intellectual property can be even more devastating. Statistics show that 600,000 laptop thefts occur annually, totalling an estimated $720 million in hardware losses and $5.4 billion in theft of proprietary information [3]. Reducing the risk of data loss and minimising the damage if data is stolen involves the introduction of physical security policies, the encryption of data stored on laptops and removable media and the secure backup of company data.

  • Hacking - It's easy to fall into the trap of believing that only large companies are subject to the attention of hackers. Whilst it is unlikely that you would be targeted specifically by a hacker, most hack attempts are automated; as such any connection which is publicly accessible (such as your internet connection or wireless network) is a potential security risk.

Passwords - Make or break security

The CERT/CC (Computer Emergency Response Team / Coordination Center), estimates that 80% of all network security problems are caused by bad passwords.

Hackers can use freely available tools to break weak passwords in a matter of minutes, so ensuring your passwords are strong is probably the most fundamental security issue for small businesses.

Check out our accompanying guide to password security and get access to our free password analyser.


"After a fire, 70% of businesses will never start up again or will close within the next three years"

The internal threat

Possibly the hardest threat to quantify for managers of SMEs is the threat posed by members of their own staff. Although malicious damage from staff is relatively rare, internal mistakes account for the large majority of security breaches.

The increased use of USB drives, unrestricted use of the internet, personal e-mail such as Hotmail, and instant messaging all introduce significant security gaps into the modern organisation. Each of these is a potential back door for malicious programs; IT should be locked down to remove these gaps, whilst managers and staff should be trained to understand the risks.


[1] Computer World, 2004
[2] Home Office statistics
[3] Safeware Insurance, 2003

The Good News

The good news about IT security is that many of these threats can be mitigated by a combination of well implemented IT, staff training, good practice and careful planning. Security should be re-framed as the responsibility of the entire organisation and not simply left to the ICT department. Only by ensuring security remains a high-priority, high-visibility issue will managers keep ahead of changes in technology that could undermine old security policies.

If you're concerned about security or would like to know more about our security services, please feel free to call us for a free, no-obligation chat about your needs. Geek-Guru: your ideal security partner in a changing world.