Safety first when going virtual

By Ross Walker | August 26, 2011 | Leave a Comment 

Ross Walker

According to a recent Symantec survey, the majority of small businesses see virtualisation as a big priority for the future. Reduced overheads, more flexibility with IT as well as the ability to scale up and down as and when business needs dictate, are just some of the benefits SMEs cite when asked why they are considering it.

But a hunger for greater productivity and efficiency can’t come at the expense of information security. So while virtualisation can offer small businesses a clear route to bottom line benefits, it can also expose them to new risks.

As a result, any small business looking to take advantage of a virtualised IT environment needs to ensure that it is taking a robust approach to security to protect its data, just as it would if it was hosted on on-site servers. Antivirus, disaster recovery and firewalls are as crucial to maintain and deploy on virtual servers as they are anywhere else.

But SMEs needn’t be put off of virtualisation because of potential risks. The following can help the transition to a virtualised environment to be safe and secure:

  • Have a clear strategy: Understand what it is you want to achieve from virtualising elements of your IT.  Working with an external consultant can give you a fresh perspective on this. Once you’ve properly identified your objectives, you can properly assess what data needs to be protected and put in place a strategy and polices to ensure that data integrity is not jeopardised.
  • Deploy the right security solutions: Deploy all of the necessary security software and technology before you begin to make use of your virtual servers. Firewall, antivirus, and endpoint security solutions all need to be factored to create a protective shell around your virtual IT.
  • Backup: Having data stored off-site does not mean that it is necessarily safe from threats. Make sure you regularly backup the data stored on your virtual servers and have in place a disaster recovery solution that can be deployed, should the worst happen.

 

#smbrisk – a great debate

By Ross Walker | August 26, 2011 | Leave a Comment 

Ross Walker

You may have seen last month that I took part in a Twitter debate, hosted by Real Business Magazine, along with UK entrepreneur James Caan. The hour long debate, which went under the hashtag #smbrisk, brought together the small business community, industry experts and even a candidate from this year’s ‘The Apprentice’, all engaging in a debate around the risk-taking nature of entrepreneurs. As organisations of all sizes look to ride out economic turbulence, we wanted to discuss why it’s so important that small businesses are helped to better understand and calculate the security risks to their information; what risks they are taking, and how they can minimise the associated threats?

We had a great response from the Twittersphere, with around 85 people getting stuck into the debate, generating nearly 300 tweets. The debate examined a wide variety of topics, from Government support for small businesses, and the importance of protecting business-critical information, to the risks posed by remote working, cyberattacks and natural disasters. James gave some great business insight and advice based on own experience as a serial entrepreneur, and I got into some interesting conversations around information management and the importance of having the right technology and business processes in place to protect small businesses.

ITPRO’s interview with James and I, following the Twitter debate, has some useful advice for businesses and SME managers, and the top tips below should help any SME to manage their information safely:


1. Know what you need to protect: Today, small businesses’ critical information lives both within and beyond the walls of the office on servers, desktops, laptops and mobile devices. Look at where that information is being stored and protect those areas accordingly.

2. Combine policies and technologies: As the number and sophistication of web-based threats continues to rise, small business need to be secured with more than just traditional antivirus technology. Couple polices and education with an integrated solution to protect information wherever it is accessed.

3. Educate your employees: Empower all employees to keep your information safe. Security awareness programmes can help, providing guidelines that enable employees to carefully consider the security implications of their actions. Password management should form a part of this and maintaining strong passwords will help you protect the data stored on a laptop or smartphone if it is lost or stolen. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?) and should be changed on a regular basis, at least every 90 days.

4. Encrypt your information: Encryption technology converts information to make it unreadable to outsiders, and should be implemented on desktops, laptops, and removable media. With encryption, confidential information is protected from unauthorised access, providing strong security for intellectual property, and customer information.

5. Protect your endpoints: One of the most important yet simple steps to protect your information is implementing comprehensive endpoint protection. Keep the program up to date and take action to remove threats that are caught—ensuring that nothing malicious is passed through the business to customers.

6. Backup valuable data: Back up important information regularly and store extra copies of it off site. Employees should be trained to perform basic back-up tasks unsupervised and systems as well as applications and files should be backed up daily, and tested to make sure it works.