Although small businesses may not realise it, they face the same security breach risks as any other business. But there’s good news – implementing sound information security practices and closing some common loopholes don’t necessarily need big budgets. Nearly a third of small business owners don’t realise that a security breach will cost them money in lost business and fines, not to mention the significant damage to their reputation. The first step in mitigating risks is identifying the threats. This simple information security checklist can help small businesses:

  1. Identify places data thieves look to steal information

  2. Obtain tips for securing digital devices

  3. Learn best practices in document management

  4. Find easy to implement information security steps that yield big results

PHYSICAL SECURITY

Does your business...

  • Have locked filing cabinets for documents that include customer information, employee records, financial data, and other sensitive material?
  • Use laptop locks that prevent physical theft?
  • Use secure, off-site storage for documents that you are legally required to retain?
  • Prohibit the use of unsecure recycling bins at employees’ workstations?
  • Have secure shredding containers for safely disposing of documents?
  • Securely destroy old hard drives once they are no longer needed?
  • Have a secured area that can’t be accessed by anyone without a key or security pass?

DIGITAL SECURITY

Does your business...

  • Encrypt smartphones so that data is secured even if the phone is lost and recovered by someone outside the company?
  • Regularly update your computer software to ensure that security holes are patched?
  • Back up sensitive data to a secure, off-site storage facility?
  • Ensure that employees regularly change their passwords?
  • Prohibit employees from leaving passwords written on their workstations?
  • Limit access to network folders with sensitive information?
  • Have anti-malware software installed on all computers?

POLICIES, PROCEDURES AND TRAINING

Does your business...

  • Have rules regarding proper document management, including storage and disposal?
  • Have rules regarding the removal of equipment, data and documents from the office?
  • Have rules regarding proper document management when working remotely?
  • Train new employees on information security policies and procedures?
  • Provide regular (semi-annual or annual) refresher training on information security policies and procedures for employees?
  • Perform information security audits to ensure that employees are following policies and procedures?
  • Make adherence to policies and procedures part of employees’ performance review process?

If you answered “No” to any of the questions on the checklist, there is room for improvement in your business’ information security practices. The good news is that all of the items featured on the checklist are easily implemented at a minimal cost.