Recently I have been working with a number of small organisations around Information Security.
It became apparent that although there is a huge amount of information on the web that deals with Information Security, very little of it relates to the small business. The majority of it deals with ISO27001 and outlines hundreds of hurdles you have to get over in order to get accreditation. Most of this information has been put out by the large consultancies who would like to sign you up and charge you close to £800 per day in the process.
In reality things are quite different. Effective Information Security should be based on common sense. In fact ISO27001 is not about the protection you have in place but more about the management of risk and the control structures you have in place.
With this in mind I have created a 3-part guide on Information Security for the Small Business.
I have also devised a simple assessment questionnaire to give you a guide as to the level of protection you have at the moment. This can be found at Free Information Security Review.
According to the latest dates provided by BT OpenReach the Batley exchange is currently not scheduled to be upgraded to super fast broadband.
One must remember that unless you are connected to Virgin, all Internet providers are reliant upon the telephone cable from the customer's premises to their local exchange. It is here that the customer connects to the various Internet providers such as TalkTalk, Sky and others.
This is despite other exchanges such as Morley, Cleckheaton, Dewsbury, Mirfield and Ossett having already been upgraded or being scheduled for late in 2012.
Super Fast Broadband, or “BT Infinity” as marketed by BT, is where fibre optic cables are laid from the telephone exchange to the BT cabinets in your area. This is known as “Fibre to the Cabinet” or FTTC. In some cases, especially for business, there may also be the option of bringing fibre optic cable direct to your office. This is known as “Fibre to the Premises” or FTTP.
In the past larger companies have had dedicated network connections to the Internet which can cost from hundreds to thousands of pounds per month. However, with the advent of super fast broadband, small companies are able to utilise much faster internet connections at a minimal cost for a variety of purposes. This can vary from having phone lines over the Internet, to cloud based backups, or moving a company’s whole computing infrastructure into the cloud.
As Batley is not currently in the rollout program, it is impossible to tell when BT will get round to Batley. It could be years!
Please take the speed test here which will then direct you to the BT Openreach page to register your interest.
This will mean that Batley will be left behind in the technology stakes for years to come as businesses will prefer to be located in an area with fast internet speeds. This becomes even more important when you are located over a mile from the exchange as the speed will become lower. In Birstall, which is connected to the Batley exchange, it is rare for anyone to get a download speed of greater than 2MB.
As businesses become more and more dependent upon the internet and use more cloud based services, the upload speed becomes just as important as the download speed. A normal ADSL line can only offer a maximum upload speed of 0.5MBs. With the new network this has been increased to a maximum of 20 Mbs.
However there is one way you can help. If you register your interest with BT, they should take notice of the demand in the Batley area and hopefully put Batley in the rollout program. We are also interested in what the current internet speeds in the area are, as they will vary from 5 Mbs down to 1MBs depending upon how far you are located from the exchange.
Please take the speed test here which will then direct you to the BT Openreach page to register your interest.
We will publish the results on this site and by email before the end of October.
Small and medium-sized businesses (SMEs) have been urged to plan ahead this year or face putting their livelihoods at risk. Aviva, in its bi-annual SME Pulse survey, says companies that don’t take the time to prepare disaster recovery and business continuity plans (BCPs) are more likely to close in the first two years of trading.
A BCP seeks to identify a small business’s current service levels. It requires a risk assessment identifying the key threats to the business, puts in place a plan to manage any incident, and includes business recovery planning as well as rehearsal and maintenance planning.
In the Aviva survey, half of SME owners questioned revealed they had no BCP in place, and a further 16% said they didn’t think they needed one. Only 36% of respondents were even aware of BCPs and what they were for, while, worryingly, only a quarter (28%) of business owners said they had a BCP in place. The remaining 6% didn’t know if they had a BCP or not.
The Aviva survey found that business owners grossly underestimate the time it could take to get their company back on its feet following a serious incident or interruption. The majority of SMEs believe it would take them only a week (33%) or a month (31%) to return to normal trading. But Aviva says a return to full trading can often take a business more than a year.
This is echoed by the Federation of Small Businesses, which says 80% of SMEs affected by a major incident close within 18 months, while 90% of SMEs that lose data from a disaster shut within two years. This is a major worry considering 99% of businesses in the UK have fewer than 50 employees.
In a report on major incidents and small business, the FSB states: “Small businesses, by their nature, are more vulnerable to the impact of major incidents and disasters and the impact all too often is terminal. This has a knock-on effect on the whole supply chain in which they were involved and the community in which they were based.”
Below is an extract from an article that was published on http://www.smallbusiness.co.uk
Half of UK small businesses still believe that the loss or theft of data from their organisation would have no impact on their company.
The survey of 1,000 UK businesses by Shred-it finds that more than two thirds of small and medium-sized enterprises (68 per cent) either never train their employees on information security procedures and protocols (30 per cent), or do so only on an ad hoc basis (38 per cent).
This news comes despite last year’s enhancement of the powers of the Information Commissioner’s Office to fine organisations up to £500,000 for serious breaches of the Data Protection Act.
Just 4 per cent of companies report actively changing their information management procedures as a consequence of the changes, while 58 per cent of businesses confessed that they were not even aware of the enhanced powers.
PragmatIT has extensive experience in this field having worked in the legal and financial services industries for over 15 years. We can help in building an Information Security Management System designed around your business. We can identify all your information stores and perform a risk assessment to separate the real threats from the perceived threats. Action plans can then be put in place to reduce the impact or likelihood of the risk occurring.
Robert Guice, EMEA executive vice president of Shred-it says, ‘Ignorance is no defence in the eyes of the law and UK businesses need to wake up quickly to the fact that failures to store and dispose of confidential information in a secure manner could have far-reaching and potentially financially damaging impacts upon their operations.
‘As a company owner or manager, understanding your legal obligations in view of the Data Protection Act, and developing policies and procedures to comply with them in a consistent and reliable manner is absolutely essential.’
Chief executive of the Forum of Private Business Phil Orford adds, ‘It’s time companies got wise to the seriousness of data theft and the importance of protecting their information. Quite apart from the implications for the commercial viability of a business, failing to secure data properly could lead to a potentially huge fine.
‘It might be tempting to push issues like this under the carpet but that would be a grave mistake – and there is support, advice and guidance available to make sure you are fully secure and protected. Use it.’
This is a question we are often asked by our clients.
The answer is to
The first stage is to identify where all your information is being stored and categorise it between Public and Highly Confidential.
Next you should identify all threats and vulnerabilities to this data. These need not be technical threats such as those employed by computer hackers. Instead these threats may be simpler but also more damaging. Could you stop a disgruntled, under-performing sales executive from taking a document containing all of your client and sales information to a competitor? Would you know if this had happened?
The next stage is to risk assess all of the threats and vulnerabilities you have identified to produce a risk score against each one.
For instance, a threat could be:
Client Sales History files are accessible by all users, therefore there is a risk of data leakage by a disgruntled employee.
This could have a serious impact (4 out of 5) upon the business, and as we have a high churn rate of sales people the probability could be high (3 out of 5).
We calculate the risk score by multiplying the probability by the impact giving us a risk score of 12.
Once all these risks are collated into a central point we can then sort each threat by risk order.
You can then produce action plans on high risk areas to lower these risks. This could be as simple as revising an internal procedure or as complex as installing new systems.
In the above example, the risk-reducing action could be to:
Compile a list of all users who need access to Client Sales History. Restrict access to only those users that need it. Also split documents down by sales area.
By limiting access we can lower the probability to 1, and by splitting the documents down by sales area we reduce the impact of a data leak to 2. This then leads to a residual risk score of 2.
With some items your company may not be able to reduce the risk. In this case you may well elect to accept the risk. However the fact that you have identified the risk and can review it at regular intervals will be an achievement in itself.
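The scoring steps described above can be kept as a small risk register. The following is an added example, not part of the original article: the first entry is the article's Client Sales History case, the other entries are constructed for illustration, and the class name, function names and the appetite threshold of 6 are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SCALE = range(1, 6)  # probability and impact are both scored out of 5

@dataclass
class Risk:
    threat: str
    probability: int
    impact: int
    action: Optional[str] = None               # None means the risk is accepted as-is
    residual_probability: Optional[int] = None
    residual_impact: Optional[int] = None

    def __post_init__(self):
        for name in ("probability", "impact", "residual_probability", "residual_impact"):
            value = getattr(self, name)
            if value is not None and value not in SCALE:
                raise ValueError(f"{self.threat}: {name} must be 1-5, got {value}")
        if self.action is None and (self.residual_probability or self.residual_impact):
            raise ValueError(f"{self.threat}: residual scores need a documented action")

    @property
    def score(self) -> int:
        return self.probability * self.impact

    @property
    def residual_score(self) -> int:
        # Without an action the residual risk equals the original risk.
        p = self.residual_probability or self.probability
        i = self.residual_impact or self.impact
        return p * i

def prioritise(register):
    """Sort threats by risk order, highest score first."""
    return sorted(register, key=lambda r: r.score, reverse=True)

def over_appetite(register, appetite=6):
    """Risks still above the assumed appetite after treatment: act further or formally accept."""
    return [r for r in prioritise(register) if r.residual_score > appetite]

# Constructed register: the first entry is the article's example, the rest are illustrative.
REGISTER = [
    Risk("Client Sales History readable by all users", 3, 4, "Restrict access; split files by sales area", 1, 2),
    Risk("Broadband outage blocks access to cloud services", 4, 2),
    Risk("Unencrypted laptop holding client files is lost", 2, 5, "Encrypt laptop disks", 2, 2),
    Risk("Visitor reads papers left on desks", 2, 2),
]
```

Anything returned by over_appetite(REGISTER) is a risk to review at regular intervals, either with a further action plan or with a recorded decision to accept it.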
Normally a business has 2 main requirements at this stage.
The problem with this is that a normal 1st or 2nd line support person will not have the experience or gravitas to define a coherent IT strategy.
A senior IT professional will have the strategy sorted within a couple of months and may not want to get embroiled in tedious support issues.
PragmatIT IT Services has years of experience in defining IT Strategy.
PragmatIT can be engaged to define the IT strategy and help select a suitable support person. We make sure that this person is business customer focused as well as having the right technical skills.
This IT strategy will produce a list of projects for the Internal IT resources to work on.
We make ourselves available to the IT resource for help and guidance 24/7. In a way it’s more like IT mentoring than IT management.
Once a month we meet with the client to review project progress and to discuss any issues.
The benefits are clear:
The client has a very experienced IT Manager working at a highly competitive price
The internal IT resource has a senior IT manager on call as well as having the autonomy of making their own decisions.
If you think that this could work in your organisation then click here to leave feedback
As a leader within your business, do you sometimes feel that you are pulling a cart with square wheels with your team pushing from behind? The square wheels are your business processes and systems. They work, but you get the feeling that they could work better. You pick up ideas along the way and put them in your cart. However, you never get the time to implement these ideas because you are so busy keeping the wheels turning and the business moving. Have you ever considered that some of those ideas in your cart could in fact be a set of round wheels which will make the job of running your business easier? You know that there are loads of projects that you want to get underway and move towards completion. However, you feel that your hands are permanently tied. There is always something more urgent operationally which is grabbing your attention and using up your energy. The day job is always getting in the way of strategic planning.
This is where you need to apply a pragmatic approach to Change.
PragmatIT IT applies a pragmatic approach to IT for your business.
Not only can we support and improve your IT systems, we can help you implement change within your business. We can do this at a pace that suits you and your budget.
I have always recognised that cloud computing is ideal for the small business as it allows for high end computing power to be available at very low cost, especially when using Software as a Service (SaaS). This article on the BBC site gives some very good insight: Cloud Cover