Proactive plans thwart SMB threats

One of the most important things a small or medium-sized business can do today is protect its data. The longer it takes a business to get back up and running after a catastrophic data loss, the greater the chance that the company will lose money and customers.

The good news is that data protection options for SMBs are more powerful than ever. The bad news is there are more threats to worry about. Now, in addition to natural disasters such as hurricanes, fires, power outages and floods, SMBs also have to worry about man-made disasters, including sabotage and human error.

At the same time, IT system and data security threats such as viruses, spyware and other malware have become more sophisticated, and the threat of hackers and nefarious insiders remains.

Taking action

A well-rounded protection plan can insure SMBs against most disasters. Developing a plan may seem overwhelming, but there are some simple issues and basic technologies that every data protection plan should include:.

Decide what you need to back up. Ask yourself, "What can we afford to lose?"
David Luft
Senior Vice President for
CA's Small and Medium Business Program Office

The question is, how do you determine whether you need just a few CDs for manual data backup, or if you need to use automatic backup and restore software? Here are some steps to take to determine what you need:

1. Decide what you need to back up. Ask yourself, "What can we afford to lose?" 

2. Know your data environment. Then determine where that data is located in your IT system. How often does it need to be backed up? How often is it retrieved or restored?

3. Document backup policies and procedures.

4. Validate the integrity of the backups. Make sure they are complete and that you haven't backed up viruses or other malware. Also be sure they can be successfully restored.

5. Keep backups in a safe place. This is typically done by storing them offsite in a secure location.

6. Routinely check your backup plan to ensure it is current and has evolved with the business.

7. At the end of the backup lifecycle, be sure it is destroyed completely so that the data cannot be retrieved by an unauthorized person.

SMB security threats

Small and medium-sized businesses face a variety of security threats. Some threats attack via the Internet, others come from simple employee error or an unhappy employee.

Battling the insider threat involves watching the behaviors among people inside the business. Threatening actions include password misuse or theft, social engineering and unintentional – yet damaging – security breaches by employees.

SMBs should consider a written security policy as a means to battle the Internet as well as insider threats. A security policy puts in place an ongoing statement of protection, detection and response. Here are some issues the policy should address:

1. Appropriate use of the company email system.

2. How to handle sensitive information.

3. Responsive actions when faced with a security incident.

4. Securing all IT systems.

5. Measures for protecting employee, customer or accounting information.

6. Appropriate use of user IDs and passwords.

7. Roles and responsibilities of administrator, users, and providers.

8. Enforcement.

As you develop a security policy at your SMB, make sure you know all of the company assets and IT systems. If you don't know about them, you can't protect them. Then assess the risks against the vulnerabilities. This will help determine how much time and money you should invest in various areas. The bottom line is that small and medium-sized businesses face multiple threats to their business that get more serious and difficult to battle each day. By taking a proactive approach to protecting and securing critical data and leveraging appropriate technology, SMB IT professionals can minimize the chances of losing their data, and they increase their ability to have the business back up and running in the event of catastrophic data loss.

David Luft is the senior vice president responsible for CA's Small and Medium Business Program Office and the related product development initiatives within that market segment. Luft has worked in information technology for 18 years and is a graduate of Northern Michigan University.

Read more on IT for small and medium-sized enterprises (SME)