IT Security on a Small Business Budget: 5 Basics

You don’t have to bust the budget to keep your data and your operation secure.

By Jon Schram

Target, Home Depot, Apple—most recently, they share the dubious distinction of being the victims of security breaches. Whether it’s Target and Home Depot getting hacked and exposing access to thousands of credit card accounts or Apple’s iCloud being penetrated to reveal compromising photos from hundreds of celebrities, their security was breached. If these companies, with deep pockets and hundreds of technology employees, can get hacked, what is a small business supposed to do?  Here are five basic guidelines to follow to maintain your security and protect your data as a small business.

Yes, you need to have them; yes, they have to be complex (letters, numbers, special characters, etc.) and yes, you have to change them every once in a while. No one “loves” passwords but they are necessary to maintain security.  If you happen to work in a regulated industry—financial services, for example—you are already familiar with passing FINRA audits, and password policies are part of the
audit. Putting a yellow post-it note on your monitor with your current password (you know who you are!) is not a good method for remembering your password. There are very affordable password man-agers out there that work well for keeping passwords centralized and secure. Two free tools are LastPass ( and KeePas ( More robust versions focused on small businesses are available and inexpensive.

Anti-Virus and Anti-Spam
Fully 70 percent—or more—of all e-mail traffic is spam, and most viruses and malware are delivered through e-mail. That means a good spam filter and solid anti-virus software are critical. Both of these are affordable for small businesses, and free versions are available for individuals. Anti-Virus and Anti-Spam often come bundled together in outsourced services like AppRiver ( or Microsoft’s hosted e-mail provided with Office 365. You can address Anti-Virus with a wide variety of free software: Malwarebytes, Panda, AVG and Microsoft Security Essentials are just a few. These are also offered in very affordable small-business versions that are easy to manage.

Everyone is connected. Whether wired (plugged into the wall) or wireless, every connection should pass through a firewall.

A firewall is generally a physical piece of hardware that provides protection and control over what kind of information can come into and go out from a network. A firewall can also be a hosted service or software that runs on a desktop or server. Cisco and SonicWall are examples of hardware-based firewalls and AVG offers a hosted firewall. The overall expense for the devices or service is minimal, but firewalls generally require a little more technology skill to configure so consulting an IT professional is recommended.
Things happen. Laptops get dropped, coffee gets spilled, viruses get through or someone accidentally hits “delete.” Whatever the cause, sometimes your data is gone. What do you do?  Restore from backup, of course. Oh yeah, you meant to back up last week but were too busy and you were going to do it tomorrow. Sound familiar? No system or security is perfect, and it is a fact of life that data might disappear for a variety of reasons. So a reliable backup is an essential part of data security and data recovery. The only way backups are reliable is to make them automatic. There are many tools available for individuals and small businesses to backup data. Mozy, Carbonite, Apple’s iCloud and many others can be setup to automatically copy your data off-site to the cloud. Of course, as this article started out, the cloud is not infallible, so you may want to look at other on-site options like external hard drives. If you have on-site servers, you will want to consider redundant equipment that provides both back ups and continuity if your production server fails. Server backups can be more complicated, so consulting an IT professional about the setup and on-going testing is recommended.  

Sometimes we need to be protected from ourselves. When it comes to security and using PCs, laptops or smart phones, some basic training can go a long way.  Some simple do’s and don’ts  (like the previously mentioned Yellow Sticky-Note Method) can go a long way. Have you educated yourself or employees on the various phishing scams? Do you know what “phishing” is?  If not, check out or and take a few minutes to get educated and to educate your staff. Phishing scams have come a long way since the “exiled prince from Nigeria” e-mails of a few years ago. Training yourself and your employees on best practices in using e-mail will pay off by avoiding scams and viruses.  
In the end, nothing is perfect, and even big budgets don’t guarantee complete security. But if you follow a few simple best practices, you can be as secure as the big guys on a small business budget. 

About the author

Jon Schram is president of The Purple Guys, a Kansas City IT company.