For small and midsize businesses to advance into the digital economy, three things are necessary: vision on the part of business leaders; dependable technology; and trust in that technology.
This is the word from Joe McKendrick, contributor to Forbes Insights, writing on the Microsoft blog.
For businesses working to establish a digital presence, the online world can be a very scary place, with no shortage of news cycles about the latest hackings into major corporate systems. Evolving to a digital enterprise requires complete confidence that the technology solutions and information companies use to transact business is timely, reliable and secure. To assure this level of trust, it’s important to bake security into all processes, applications and data environments. Every small to midsize business needs to establish a culture of security.
A new survey of 100 business leaders, conducted in December 2014 by Forbes Insights in partnership with Microsoft, confirms that IT security is top of mind for many, and progress is being made to better secure digital assets within growing companies. However, substantial segments of small to midsize businesses have yet to embrace many of the practices and protocols that are required for secure IT environments.
The survey clearly identified priority areas small to midsize businesses should consider when making the journey to becoming a digital business. Trust was identified as the foundation of this change and hinges on having highly secure systems. A culture of security must develop as the business increasingly moves online. Here are ways to successfully ensure a culture of security in the digital age:
Educate and raise awareness
IT security is the responsibility of everyone in the entire company, not just an IT administrator or a single department. Employees and managers need to understand corporate IT security policies and procedures. They should receive regular updates on how to handle security threats, such as viruses, phishing and other e-mail scams.
Periodic training on the proper ways to handle data, log-ins and use of personal devices in workplace settings is also beneficial. Three out of five executives report they do not yet have a formal online corporate security policy. Such policies are critical for laying the groundwork and maintaining support for active security efforts. Most businesses are communicating Internet security policies on a widespread basis – 77% will attempt to bring all or most employees up to speed on new policies. Such guidelines may provide employees direction on the use of their own mobile devices, as well as advising on the proper handling of sensitive corporate data.
Along with communicating policies, employee training is a vital part of building a culture of security. Employees need to be acquainted with the processes – and regulations – for handling sensitive data, opening e-mails, avoiding scams and frauds. Such training is supported at most companies, but more than one-third admit they provide no training at this time to their employees.
To a large extent, the businesses surveyed apply a very light touch when it comes to bringing their workforces up to speed with security training. The most popular strategy, employed at 55% of sites, is through regular company-wide emails detailing updates or providing tips. About 41% admit that they provide only informal guidance to their employees, with the expectation that the employees will learn the right procedures on their own.
About half of the surveyed group do invest in training with 52% reporting they get more actively engaged by offering in-house coaching or guidance by their IT teams. Another 23% will invest in either online or on-site training programs. Most executives indicate they make the effort to personally understand online fraud, the steps they can take to help guard against it and what they can do if they fall victim to it.
Trust, but verify
Many of today’s data breaches originate from the inside of organisations, often the result of simple human errors. No IT security strategy is ever complete without checks and balances on the inside, even if it’s to avoid simple mistakes. In addition, ensure that outside providers, such as consulting and cloud services, have strong security policies and procedures.
Seek to prevent, versus repair
The old saying, “an ounce of prevention is worth a pound of cure,” applies well to IT security. However, the survey finds many businesses may be lagging in their ability to keep up with technology enhancements. In addition, many businesses are missing the latest solutions and protocols that can provide the assurance that the IT infrastructure is well secured.
Preventative strategies include encrypting data, strictly regulating its replication and requiring strong passwords that are regularly changed. Keeping up with releases, updates and patches also is an effective prevention strategy. Maintaining the most up-to-date versions of technology is key to having a robust IT security environment.
Security is one of several driving factors for regular technology upgrades. A majority of small- to midsize-business executives say they make their technology upgrades when it becomes apparent that their current capabilities are lagging. Close to one-third, 29%, report they make upgrades when they are presented with product support issues, suggesting that many procrastinate on moving to new technology until forced to do so due to the end of vendor product support.
Share the knowledge and learn from others
Close to one in five executives readily admit they are aware of security breaches that impacted their organisations within the past two years, but only one in four have an appreciable level of confidence that another breach can be prevented. Involvement with user groups, professional associations, business groups or online communities provides opportunities to learn best practices for increased confidence.
A well-designed culture of security should always be part of a business’s plans to advance into the digital economy. Transactions need to be trusted, customers need to have the assurance their data is in secure hands, and corporate operations need to run unimpeded. The digital economy is built on a foundation of trust, and small- and midsize-business executives can take a leadership role in assuring that trust.
