How to Assess the Information Security of a Small or Medium Business
What is one of the most important aspects of business to consider?
Information about customers and clients. Information about products and market trends.
Information about projects and profits. Whatever the information is, its importance cannot be overstated. Without information, there is no business.
Though it may seem like something that affects others’ business but not yours, this could all happen to your company. Your infrastructure could be attacked, your data could be stolen or deleted, and your business could suffer for it.
How do you assess the information-related-risk of losing money?
To help Small and Medium Business owners or managers, here are some top tips and actionable steps that you can take for an initial Information Security assessment.
1. Information confidentiality
Only those who need access to information to do their jobs should have access to it.
2. Information integrity
The information hasn’t been manipulated with / deleted by those who shouldn’t have had access to it.
3. Information availability
The information is available when it’s needed.
You can follow the three criteria by using a matrix model, such as the one shown here.
Now you that you’ve classified and assessed your information, what’s next Avoiding leakage of information, mis-editing, loss of saved files, etc.
How can you achieve this? By choosing the right protection for your information. The steps to assess and achieve this are:
- Categorize the types of information, e.g., payroll information, confidential business research, business plans, financial information.
- Identify the information to be protected, e.g., in-house, outsourced, manually, automatically.
- Consider the impact of losses due to lack of protection, eg.g, lost work, legal costs, fines / penalties, reparation costs, loss of reputation / trust.
Each business is unique and will have a set of business needs and requirements to match. The above simple steps serve as a starter for your company: classify, assess, and protect.
If you have an IT team / IT person / Outsourced IT team, you can talk with them about the security of your information and data. Good IT people will be able to provide you with the information you need immediately, and you, in turn, can assess your information security status.
Then you can focus on your business with fewer concerns about your information security.
If you want to:
- Upgrade or move your business tools to these cloud solutions in China
- Setup a business continuity plan
- Upgrade your IT infrastructure
- Setup backup plans
- Improve connectivity within your China offices or with your global offices