Security concerns should be a number one priority for businesses of any size. Larger, successful companies take security extremely seriously, as they know that a major breach could cost them dearly. Arguably, they would not have been so successful had they not taken matters of security seriously from day one.
Smaller businesses, however, often neglect security concerns for a number of reasons. Implementing security measures can be costly when you are still trying to get your company up and running. You may feel at this early stage that you have little to lose and nothing worth stealing. This is a mistake, as computer hackers frequently target small businesses. Even if all they make off with is your personal information this can be very valuable to them and very damaging to you.
Why security matters
Security is extremely important in every business. It is a question of controlling both your physical environment and protecting the information you handle. If either one is breached, as well as facing possibly significant financial losses you may find your ability to run your business is compromised, due to damage to buildings, equipment or computer systems. The damage to your company’s reputation should also be considered. If a business is seen to be slapdash about security then many will wonder whether it can be trusted to operate professionally in other ways. Customers will also be wary of using your services if they feel their personal or financial information is at risk, or if the company is vulnerable.
The major security issues facing businesses have changed dramatically over the past twenty to thirty years. IT and cyber-security breaches are a still-growing concern as these are extremely difficult to effectively block. In 2014, Sony Entertainment was hacked and lost over 100 terabytes of data. Four films were stolen and released to file-sharing websites, along with unpublished scripts and marketing plans. Just as worryingly, employees’ and ex-employees’ social security numbers and passport details were stolen; however, experts said that Sony’s security wasn’t lax – anyone could have fallen victim to a similar attack.
In 2011, Sony PlayStation was hacked and over 100m users had their personal details and passwords compromised. Similar attacks hit eBay in 2014 and Adobe in 2015.
However, while cyber-security attracts the headlines, risks to businesses’ physical premises have not gone away. Office, storage and retail premises are still targeted for theft and vandalism, and need to be protected with the latest security systems. Again, small businesses are particularly vulnerable in this regard. It’s estimated that £20.75 billion worth of physical security products were sold worldwide in 2015. 54% of these were video surveillance products, worth £11.18bn. 23.5% (4.87bn) were intruder alarms, while 22.5% were access control, worth £4.67bn. With a growth of 8% predicted in 2016, the entire market is expected to be worth nearly £32bn by 2020.
The most obvious form of security breach is a physical break-in, usually with the intention of theft. To prevent this from occurring, make sure that all doors, windows and other entry points are secure and fitted with strong locks. These should be changed regularly, and key access should be strictly controlled. Pay particular attention to emergency exits, as these are often overlooked. Would-be intruders frequently target them because they are out of public sight. If these are breached, contact a company that specialises in emergency door repairs as a standard firm may not have the knowledge and expertise to do the job correctly.
One of the most difficult security breaches to guard against is the inside job. This is where a disgruntled employee or someone else with intimate access to the premises attempts to rob or compromise your business. One solution is strict vetting of employees. In certain cases regular mandatory drug testing may also help to identify problem staff. Internal CCTV is vital in capturing evidence of wrongdoing or suspicious behaviour. In all cases, however, the company must tread a fine line between maintaining internal security and snooping on employees.
Cyber-attacks come in many forms, including malware, viruses, Trojans and so on. Common methods include phishing; password attacks and distributed denial of service (DDoS), when a company’s server is intentionally overloaded with requests in order to shut it down.
Strong firewalls and anti-virus software are essential first lines of defence in the war against cyber-criminals. Beyond these, you should consider encryption software and two-step authentication for internal and sensitive programmes. Your software should be kept up to date and passwords should be changed regularly. Educate your employees on the risks posed by cyber-attacks and make sure your company has a consistent incident response strategy in place. If you are not sure where to begin, there are companies that specialise in risk assessment who will help you to build up your defences.
With cyber-attacks alone costing British businesses over £34bn a year, security is certainly an area that companies need to take a closer look at. An overall strategy needs to be developed to coordinate physical and online security, as well as having a clear protocol to follow should a breach occur. Adequate security is not cheap, and unless a plan is in place before money is spent then your company will not see the full benefits of the equipment purchased.
Security is about protecting your company’s interests and reputation. You are also responsible for any sensitive data that your customers and clients have entrusted you with. If your security lets you down, in addition to your own losses you could be held legally accountable for any loss or damage suffered by a third party. In extreme cases, the damage to your company’s reputation could be irreparable, not to mention the financial costs that may be incurred in compensation.
It may never be possible to be 100% protected against security breaches. Every business needs to be prepared for the worst, but part of this preparation is doing everything you can to stop the breach occurring. Beyond that, immediate and effective damage limitation is vital. How you cope with an attack says as much about your company’s integrity as what you did to stop it happening in the first place.