In part one I mentioned a few of the questions that a small business should be asking about their current information security measures and in this second part I will cover the first two actions that can be taken to move towards a secure organisation.

• Policy
  • Any business that employs people will be asking those people to use, and add to, the information contained within the computer systems of that company. A policy, or set of policies, highlighting what is expected of an employee and what constitutes acceptable use should be one of the building blocks of an overall security policy.  “That’s a bit formal isn’t it, there are only 5 of us” I hear you say but a policy doesn’t have to be a ten page document full of rules and sub-clauses. Read More…

It was identified a few weeks ago and a patch issued quickly but reports state that a lot of people have not yet updated their Adobe Reader software.

My advice is to do it now, don’t keep putting it off!  There are attackers actively expoiting the vulnerability which can inject malicious code (viruses, worms, malware) via a PDF document.

Users should update Adobe Reader to version 9.1.3 using the automatic update function. Users installing a new version of Reader should note that Adobe currently only has version 9.1 available as a download for Windows – users downloading this version should ensure that they then update to version 9.1.3.

Security is one of those areas of IT that is often given little consideration by the new or recently started business, and often for the most compelling of reasons – money.  Over the last few years however there have been an increasing number of cases where small and medium sized businesses have lost their company information and even customer’s personal information through either security breaches or other “disaster”.  It is these companies that will arguably suffer most from their losses, it’s hard enough to get started without losing everything after a few months.

There are some fairly straightforward questions that any business owner could ask themselves to quickly assess where their business stands today,

• Are we secured against viruses coming through email?
• Are we secured against the server crashing and losing all the data? (Do we know that our backups have worked? Have we tested them?)
• Are we secured against viruses, worms and malware infecting our PC’s via the Internet? (Even if we’re working from home?)
• Are we secured against an employee losing the memory stick that he carries with all the customer information on it?
• Are we secured against someone unknown entering our network and seeing/deleting/changing information stored on our servers and PC’s?

Of course there are many more questions but this is just a flavour of the type of question that we should be asking ourselves, and regularly, IT security is not a one off exercise, things change and new vulnerablilites are exposed so regular reviews are also essential.

In my next article I will cover a few of the key areas that need to be addressed in order to maintain a secure organisation, they don’t have to be expensive but they do require a little bit of thought in order to assess the risk and decide the best path to take to mitigate that risk.