IT Security Recommendations for SMB
Small and medium businesses around the world have increasing IT security requirements and concerns. Previously, these businesses had minimal IT strategies and didn’t need a lot of technology to compete in the global economy. By 2017, every SMB’s IT strategy has become paramount to competing successfully, almost as much so as its core business. Customers and end-clients have less tolerance for security breaches, which can quickly become publicized and hurt the business’s reputation. Many times technology is so intertwined with the core business that the company is, in some form, a tech company and doesn’t even know it. Read on to learn DAG Tech’s IT Security Recommendations for SMB.
As small and medium businesses implement more technology, their security has become more complex. On top of that, there are new security requirements being imposed by insurance agencies, ratings agencies, financial institutions, lenders, compliance organizations, clients, end-users, and customers.
All small and medium businesses (SMBs) should consider the following IT roles in building a comprehensive security strategy:
- Dedicated IT Security Experts – IT support is not enough to build a well-thought-out and well-executed security policy. Specialists focusing solely on IT security should be used in conjunction with in-house or outsourced IT support.
- vCTO Leadership – a high-level expert who understands business and technology to lead and consolidate the overall strategy
- Ongoing Assessments and Reporting – Establish a baseline IT Security Recommendations for SMB report, act on the deficiencies it uncovers, and freshen it up on a regular basis.
- Formalized IT Support – A Service Level Agreement with well-defined support parameters, escalation procedures, service hours, and structure.
- Asset Management – ITAM (IT Asset Management) to onboard, offboard, control, and locate assets.
- Pro-active Maintenance – Update and patch systems on a formalized and scheduled basis.
Some areas where SMBs are commonly lacking in IT security:
- SOP (Standard Operating Procedures) and processes
- Multi-factor authentication
- Mobile Device Management (MDM)
- Formalized maintenance schedules
- Current life-cycle hardware and software
- Managed Cloud Services
- Disaster Recovery (DR)
- Backup Strategies
- Physical Security
- Monitoring and Alerting
- Pro-active security notifications
Published 20161212 by Daniel Ghazi, DAG Tech