Now more than ever, small and medium-sized businesses (SMBs) are relying on their networks for all aspects of their operations, including internal and external communications, inventory, billing, sales, and trading with partners. And yet, many SMBs haven't adequately protected their networks for several reasons:
To many, network security seems too complex and too resource intensive to tackle. But you can take a step-by-step approach as described in the checklist below, and then get an outside consultant to perform an independent assessment and help you complete your security plan.
Many see network security as an expense that won't help their businesses grow, but it is helpful to broaden your view. Rather than categorizing network security as an IT concern, you should consider it as a business-continuity issue. Networks have become an intrinsic part of conducting business, making security planning as important as sales and marketing planning.
Some believe that smaller companies are less likely to be a target of attacks. But as many larger enterprises bolster their network security, hackers and others with malicious intentions are increasingly turning their attention to SMBs.
General Security Planning Tips
The following tips should help you develop, and win support for, an effective network-security plan:
Focus on return on value rather than return on investment. Consider the potentially devastating impact of security breaches such as loss of revenue or customer litigation.
Never assume network attacks will only come from outsiders. Loyal employees can inadvertently create security vulnerabilities, and disgruntled or former employees can cause considerable damage.
Don't be tempted to confront security concerns with a piecemeal approach rather than a single, unified strategy.
Work with others within your company to develop and implement security strategies, focusing on technology, training, physical-site security, and more.
Find the right balance between security and usability. The more secure your network is, the more difficult it can be to use.
Every SMB should have a written (and thoughtfully prepared) network-security plan in place. Answering the following questions can help you develop your own policy:
Inventory Your Current Security Technologies
Do you have any of the following?
Virtual Private Networking
Secured wireless network
Identify Your Most Important Digital Assets and Access to Them
Exactly what are your company's digital assets?
What are they worth?
Where do those assets reside?
Who has access to these assets, and why? Do all employees have the same level of network and application access?
Do you extend access to partners and customers?
How do you control, validate, and monitor that access?
Evaluate the Potential Impact of a Security Breach
What is the potential financial impact of a network outage due to a security breach?
Would a security breach be likely to disrupt your supply chain, and (if so) how?
What would happen if your Web site went down? How long could the site be unavailable before you suffered a significant financial impact?
Do you have e-commerce features on your site? How long could your storefront be unavailable before you suffered a significant financial impact?
Does your company have insurance against cyber attacks, or against the misuse of your customers data? If so, is this insurance adequate?
Consider Both Current and Future Needs
In what ways do you expect your business plan to evolve over the next few years?
How recently have you updated your network equipment? Software? Virus definitions?
What type of security training if any do you provide to your employees?
How will growth affect your digital assets and their value to your business as a whole?
In the future, are you likely to have a greater need for remote employees, customers, or partners to access those digital assets?