1 Consider how serious the consequences of a system failure, misuse or data loss could be (some surveys suggest they could cost small businesses up to £7,500 a day); use this to decide how much to invest in disaster prevention.
2Purchase proven equipment and software; try to avoid bespoke systems. A good IT supplier can recommend reliable, widely-used hardware, software and cloud services.
3Evaluate cloud services carefully. Using a reputable cloud computing service could be safer than running software in-house - providing you do your research. Check where your data is stored and how it is protected.
5 Treat mobile devices as if they're computers. These days, employees' smart phones may hold lots of sensitive data, so you need to take steps to protect them. Make sure you can wipe these devices remotely if they are lost or stolen.
6 Arrange any external support you may need. For example, you might need help with IT installation, maintenance, training, troubleshooting and disaster recovery. Your two main options are to use outsourced IT support or to provide it in-house.
7Physically protect your equipment. Use surge protectors or uninterruptible power supplies and ensure your premises are secure. Key equipment like servers should be kept locked in a separate room.
8 Establish security procedures (for instance, control access to sensitive information). Use anti-virus software and an internet firewall.
9 Assign responsibility for the system to one individual and make sure they have time to do this role properly. Provide cover when that person is unavailable, appropriate training and clear guidance on when to call in external experts.
10 Train employees how to use your IT system and specify what tasks must be referred to others. Establish a procedure for reporting faults or problems.
11 Establish and implement an email and internet policy to regulate how your staff use the internet. Make sure they’re aware of the risks - particularly from phishing and malicious websites.
12 Establish a safe installation and upgrade procedure, including backing up data, updating your anti-virus protection and running parallel systems while testing if necessary.
13 Carry out routine maintenance. For example, keep equipment clean and dust-free, run utilities to clean up your systems, archive old files and test system performance.
14 Establish an effective back-up procedure and store back-ups securely off-site. It’s important to regularly test restoring data from your back-ups.