What level of security is appropriate for your business?
Everyone is aware of the need for security when they are using a computer. Cyber-attacks are reported in the news with increasing regularity, and large businesses have been completely hamstrung by them. So, how does cyber-security work for small companies?
The answer is actually provided by the business answering two questions:
First question: “How much risk are you prepared to bear?”
and
Second question: “How much are you willing to spend in terms of time and products to protect yourself?”
Neither is a trivial question, and the answers you give will depend on all sorts of things: your outlook on life, whether you’ve been “got” in the past and, to some extent, your age.
So how do you set about deciding what your answers should be?
Defining your level of risk
To answer the first question, you have to define the level of risk to which your business is exposed in the different areas in which it operates. Here are just a few examples:
- A website that is interactive and takes input from users (one running an online shop, allowing users to update something, or hosting a forum) is probably a more attractive prospect for hackers than a static website with just a couple of pages of information. At the very least, they could do more damage to your reputation.
- Sharing information with other businesses is another area to think about. Are you using Dropbox, Office 365, Google Apps or any of the myriad of other online applications? Do you know how good their security is? Is the information you are sharing critical to your business?
- What about email?
- What personal information do you need to protect for your customers and staff?
The list of things you need to consider will vary between businesses but the above gives you a feel for the sort of questions to ask about your business.
How much do you want to spend on security?
Both time and money will be spent in protecting your business, so you need to consider how much you can afford to spend and compare it to the risk you are covering.
It is very easy to create a wonderfully secure system that means you or your customers have to jump through so many hoops to complete a simple task that a job that should take a few seconds now takes several minutes. For internal tasks, this might be fine if you only do the task once a month. If you have to do it several times a day, you will be eating into your available time to such an extent that the system is not viable. For tasks involving your customers, you are likely to be upsetting existing ones and driving potential clients away. Either your business costs will increase or you (or your staff) will take shortcuts and reintroduce the security risk.
Also, buying in security solutions costs money and you have to consider how much you want to spend. Some secure systems are too expensive for a microbusiness but perfectly justifiable for a larger one.
What is your outlook on life?
We come across a wide range of attitudes to security when dealing with businesses. Some of these relate to age: younger people who have grown up in the digital age are more likely to accept a greater level of risk than older people who view all this as new-fangled, strange stuff to be feared. This is not necessarily true, as some older people are happy to embrace the new and some younger people can be cautious.
Falling foul of a security breach will also colour your opinion. If you have your identity stolen or your website hacked, you are likely to take precautions to prevent it happening again.
Just bear in mind your outlook when you are answering the questions. Get a second opinion if you suspect you are over-biased in one direction.
So back to the questions:
With that in mind, I suggest you sit back and take a look at your business and answer the two questions before deciding whether your current level of security is sufficient.
First question: “How much risk are you prepared to bear?”
and
Second question: “How much are you willing to spend in terms of time and products to protect yourself?”