Skip To The Main Content

Give your IT security a boost


By Dave Rogers, business development manager and security specialist at King of Servers


As the GDPR compliance deadline (25 May 2018) looms, the pressure is on for organisations of all sizes to tighten up their security and data protection. However, for small businesses in particular this can pose a challenge. Often constrained by budget, it may not be viable for smaller firms to hire a dedicated person to manage security and data handling for the firm. 

The following tips should help you tighten up your IT security processes: 

Create a security policy 

Small business owners should work with their HR managers to draft a security and data protection policy and this should be included in the company handbook. Employees need to be aware of what to do in the event of losing company property, for instance. A lost company mobile phone that an employee fails to report missing is the perfect opportunity for a malicious hacker to obtain sensitive data.

It is also worth bearing in mind that, within some organisations, employees have accepted bribes in exchange for sensitive information. A survey conducted by Clear Swift in 2015 found that a third of employees admitted they would sell their organisation’s data if the price was right. This is why having policies and clear disciplinary procedures in place can help to mitigate any risky situations. 

Use VPNs for remote working and BYOD

A sure-fire way to expose an organisation’s network and data to hackers is by allowing lots of different devices onto the network. Implementing remote working and BYOD without policies in place will undoubtedly put the network at immediate risk. Put simply, the more devices on a network, the more ‘back doors’ become available for hackers. In this instance, the IT professional within the organisation should set up a virtual private network (VPN).

VPNs add a layer of security to the network by encrypting connections between remote devices and the company network. This will be even more crucial for GDPR compliance. 

Going one step further than this, if an SME is serious about remote working and BYOD, management should provide IT staff with mobile device management software that gives them visibility of all devices connecting to the network. Some software even provides the IT team with the ability to wipe any company-related content from any device connected to the network remotely. This is incredibly useful for lost or stolen devices that have accessed company data.

Invest in training 

While having state-of-the-art security software can certainly help protect an organisation, even the most robust systems can be duped by human error. Many hackers rely on the naivety of employees to exploit systems and gain access to sensitive information.

In-house training sessions can help to minimise risk in this area or, for businesses that don’t have dedicated expertise, sending employees on a course or hiring an external trainer can help to educate employees and prevent data breaches caused by human error.

Seek external guidance regarding GDPR

Hiring a full-time, dedicated data/security officer is often not a viable business option for smaller organisations, in which case it is recommended to seek external help from an expert. Between now and the GDPR deadline, there are many different courses business owners and IT specialists can enrol on to ensure they have all bases covered within their plan. 

Alternatively, an organisation can hire an IT security expert on a contract or temporary basis or from a consulting firm. This will be less expensive than hiring a full-time staff member, but still ensures that an expert has evaluated the firm.