Q&A: Key IT threats

It is not just big businesses that face IT threats – plenty of small businesses have fallen victim to hackers, viruses and fraudsters, too. Graham Walker of Northumberland Business Services identifies the threats and explains how you can deal with them

Which key IT threats do small businesses face?

Well, in addition to someone breaking into premises and stealing computer hardware, there are many online threats, most of which centre on finance and reputation. Online banking is vital for small firms; however, it would be disastrous if your account security was compromised. Never trust emails that appear to come from your bank that ask you to verify your account details, no mater how legitimate they look. Your bank wouldn’t ask for such information.

Viruses are another threat – they can devastate your IT system if you don’t have effective protection. Plus, you can inadvertently pass on viruses to your suppliers and customers, which could damage relationships. Always make sure your software automatically scans incoming emails and keep your anti-virus protection up to date.

I’ve heard about people hacking into the systems of large organisations, but is your average small business really at risk?

Potentially, all businesses are at risk from hackers and viruses, which is why businesses spend so much on network security and virus protection. Many hackers see small firms as easy targets. And although the rewards may not be as big, the volume of small business means there are more to target. Protecting your business, whatever its size, is vital.

If someone gets into my system and accesses information, will it damage my reputation?

Depends on what information you hold about your clients and how the hacker uses it, but if you look at it from your customers’ point of view, you wouldn’t be happy if an unauthorised third party accessed important information about you. This could damage your reputation, and reputation is crucial in business.

What information might a small business have that it needs to safeguard?

Personal details about clients, including names and addresses, buying records or habits and, perhaps most important of all, credit or debit card details. Such information would be valuable to unscrupulous individuals wishing to use it or sell it on to other parties.

Might an owner-manager also have information they want to hide from employees?

Quite possibly – perhaps information about wages or other personal details, which are most likely to be stored on a computer these days. Any information not operationally required by staff should be protected from unauthorised access. Using server security is ideal, or using an external storage device that can be locked in the safe. At the very least, important documents should be encrypted, which grants access only to those who know the password.

I’ve heard of a ‘firewall’, but what exactly is it?

A firewall sits between the web user and the big bad world and acts as a wall that prevents intruders from accessing your system. If you have a firewall on your computers and these sit behind a network firewall, any hackers would need to get past two firewalls before being able to explore your PC.

What are viruses and what threat do they pose?

They are small programs intentionally created to exploit vulnerabilities in your operating system or application software. The whole idea is to cause damage or disorder. Results can range from loss of productivity to the theft of data and contacts. Good virus protection is a must.

Are there any email scams I need to be aware of?

Most centre on trying to get your bank account details. Common scams include emails supposedly from your bank asking you to confirm key personal information and emails from strangers offering you hundreds of thousands of dollars if you reveal your bank details. You can find examples of scam emails on the Bank Safe Online website. If you receive a scam email, delete it straight away. Better still, report it.

What is spyware?

Malicious software that can be installed on unprotected computers without the owners knowing. Much the same as viruses, spyware varies from one strain to another. Mostly they seek to monitor your computer and internet browsing activity or alter your internet browser setup. Simply install some reputable anti-virus software that will protect you from spyware and malware threats.

How important is it to back up information regularly and store it off site?

Vital – you must have effective disaster-recovery plans. If you were to lose client details, sales records and invoices on your computer - for example, if there was a burglary, fire or theft – you may never be able to recover. Make sure important information is backed up every day, if necessary, onto a removable storage device such as a portable hard disk. There are even websites onto which users can transfer important data. Be sure to carry out a comprehensive IT risk assessment and act on your findings.

Do I need to train my staff to help them to be extra vigilant to IT-related threats?

In this day and age, it’s wise. Your employees need to be aware of email and virus threats, but obviously these are less likely if you have the necessary protective software in place. If you’re in any doubt, seek advice from a reputable IT expert.

Find more detailed guidance on IT security on the IT Donut.