Secure your IT system - action list

1. 1 Make IT security a priority. Technology is integral to every small business, even those with just one computer. Online criminals are increasingly targeting smaller companies, so no matter whether you store client lists or confidential product information electronically, take steps to protect it.
2. 2 Make someone responsible for IT security and ensure they have the time and resources to push through changes. If not, it’s easy for things to get overlooked.
3. 3 Assess the risks to your IT system. Look at how you and your employees use IT to identify vulnerabilities. For example, if you use the internet then you will need a security package that includes virus and malware protection, plus a firewall.
4. 4 Take care of IT security basics. Simple precautions like not opening email attachments from unknown sources, learning about threats like phishing and changing passwords regularly can significantly reduce the risks.
5. 5 Draw up an IT security plan. Once you have identified the risks your IT system faces, write an IT security plan. This should set out general rules to minimise the threat of hacking, theft and data loss.
6. 6 Be prepared to invest time and money. Good security software with regular updates usually costs money. It also takes time to identify what precautions you need to take.
7. 7 Perform regular backups. At some point, every business will suffer a data loss — perhaps a result of accidental file deletion or a failed hard drive. Having a good backup system enables you to recover important data and carry on working. Many companies use online backup tools.
8. 8 Protect lost property. One of the quickest ways for someone to access your data is through lost or stolen laptops, smart phones or USB memory sticks. Mobile equipment should be password protected and encrypted.
9. 9 Be aware of staff-owned devices. If employees are using their own smart phones or tablets for work then make sure this doesn’t create additional security risks.
10. 10 Train your staff. Ensure all employees are familiar with your security plan. Explain security procedures clearly, both during training and in employment contracts. For example, make it compulsory for staff to change their passwords regularly or to encrypt sensitive emails.
11. 11 Make it easy to be secure. One of the biggest threats to good security is employees who circumvent rules because following them makes their jobs difficult. It’s important your security measures don’t place an unreasonable burden on staff.
12. 12 Secure your website. Your website could be one of your weakest spots if hackers target you, particularly if it is the main point of contact for customers. In particular, make sure your online shop is secure.

Cardinal rules