If you’re running a small business, it’s not likely that you’re going to have Anonymous come after you, or be hacked by the kind of guy who takes down huge corporate entities for entertainment. There are benefits to operating on a small scale. However, (and this is a sad little reality) you are more likely to be taken down from within. This is where IT security comes in.
You see, small businesses are like families. You all do bits of everything, you know each other’s stuff, and you’re there for each other. You trust each other. But all families have secrets. Because, if your nephew is developing a gambling problem, you may be his family, but you’re also his employer, so he probably won’t share that with you. You may only find out after he’s embezzled a fair bit of the profits to either feed his habit, or pay off his resultant debts. There are two ways to address this: firstly, from a policy point of view, you need to have a clear stance on all computer, ICT and online usage, in a document that all staff read and sign, so that you can prove that all are aware of their rights and responsibilities at work, and with work equipment and information. Secondly (and this may seem too simple, but many things are) – PASSWORDS.
One of the primary IT security measures is secure passwords. I can’t repeat this too often. Not your spouse’s name. Not your pet gecko’s name. Something complex enough to deter someone fiddling on a keyboard. And don’t share passwords. In that case, you might as well publish them on Facebook. Give each employee their own password, require individual log-in each time a transaction is performed, and enforce this strictly. Because, ultimately, it’s not computers who rip off people. It’s people who rip off people.