How to establish your first security policies if you’re a small business
Back in May, a vulnerability in Facebook’s WhatsApp messaging service allowed an attacker to make a single voice call that granted access to the recipient’s email, texts, data, camera and microphone. It was then discovered that the same vulnerability had put 1.5 billion users at risk of having spyware secretly loaded on their phones.
How did this happen to a company like WhatsApp? A company that surely has enough money and resources to prevent such a huge vulnerability. And how vulnerable does that make you, if you’re a small business that hasn’t even established security policies yet?
It’s a scary thought because it makes you wonder if your business will ever be safe from attackers – either attacking your own infrastructure or attacking the infrastructure of companies (like WhatsApp) that your people use every day.
This type of attack is a timely reminder of the need for businesses of all sizes to harden their defenses. Especially when it comes to the security of employees’ mobile devices – the things increasingly being relied upon for transferring highly sensitive data.
So how exactly do you set security policies when you’re first starting out? Here are five tips to get you going:
Meet the most important word in this post: ‘redundancies’. Why so important? Because you’ll want loads of them if you’re aiming for maximum protection.
Redundancies are essentially duplicates of critical components or functions of your network (devices, equipment, communication channels) that exist to increase the reliability of the network at large.
Think of them as backups or fail-safes – so you’ve essentially got a spare if anything ever gets into the wrong hands.
You’ll definitely want outside help on this one if you haven’t got people who understand how redundancies work – in the meantime, just make sure your people are saving files somewhere you can make backups.
It sounds a bit dramatic but it’s true – if you’ve got people using mobile devices in cafes, restaurants, guest networks, vendor or even customer sites, there’s a very high chance they’ll use unsecured WiFi at some point.
That gives hackers an instant, free pass to any and all company data that gets communicated.
It’s why we created the Secure Wi-Fi app for smartphones and tablets – a “smart VPN” app that protects users connected to Wi-Fi on the go. It automatically turns on when it detects an unsecured Wi-Fi connection, then turns off when it disconnects from the Wi-Fi.
Another tip for protecting your users from themselves is to get someone in (if there’s no one like this on your side) who can talk about preventable human error – like finding USBs lying around and plugging them in. Or falling for a phishing scam.
If you’re behind on app updates, any vulnerabilities that have been discovered in out-of-date designs are now on hackers’ radars. It’s why most app updates are actually vulnerability ‘patches’ rather than exciting new feature roll-outs or UI surprises.
The hard thing is managing all these updates. In small businesses, you generally want to trust everyone to update their own devices and apps. But people being people, they tend not to.
So if you are going to take on this responsibility, you’ll need ways to lower your workload.
For instance, if you’ve got any apps still running that barely get used, uninstall them. They’re not worth the hassle of updating. And uninstalling them gives you less to worry about from a security perspective.
Getting hacked isn’t fun. But what’s even worse than getting hacked is getting hacked and not knowing how to manage the situation. It’s why you should always have a threat-response strategy ready just in case a serious breach does happen. It’ll make sure your only possible moves are good ones.
That might sound unnecessary right now but you want to plan these things before something goes wrong – not while you’re scrambling to fix them.
Security doesn’t seem like the kind of thing small businesses need to worry about. But between ransomware attacks like WannaCry, botnet attacks and the never-ending conveyor belt of new attack methods, there’s always something to worry about.
Hackers don’t need to steal from one big fish if they can attack hundreds of little ones – they don’t even have to work that hard to deploy certain kinds of attacks.
So approach your security like something bad is going to happen. And then calmly and pragmatically plan your response to it.