INFORMATION SECURITY BEST PRACTICES FOR SMALL BUSINESSES BY WARD BUCHANAN- Part 1


This video by Ward Buchanan stresses the need for effective Information Security in SMEs. He said many small business owners think they do not need to invest in Information Security because it is expensive, does not reduce their operating costs and does not generate revenue in any way, but his response is that not being Information Security conscious has the potential to ruin the whole business, so it is left to business owners to decide wisely.
He further said “in this age where cyber crime has grown at an enormous rate, it is not an option not to have protection in place”, adding that the level of IS in any SME should be commensurate with the level of business they are doing, because different types of business collect and store different types of data, e.g. health care businesses are expected to store patient information and therefore need to protect and ensure patients' privacy or risk facing legal battles for leaking patient health information. He outlined possible threats, which include:
• Computer Viruses
• Identity theft,
• Data loss,
• Employee fraud and theft
• Loss of physical equipment
The impacts these threats can have on the business include, among others:
• Loss of Proprietary Information
• Loss of Financial Information
• Loss of customer information and confidence
• Litigation
• Penalties: government penalties for not taking efficient pre-emptive measures.
Listed below are the requirements to be considered in determining the security model that the business should adopt:
• Describe the business and what it does
• Define activities that support business
• Identify information required by the above activities
• Classify information sensitivity
• Identify those who need access to the information
• Identify impact for applicable laws
• Identify and evaluate risks and actions to be taken
Everyone needs to be involved and understand the need for security. Hence, these steps are to be followed in implementing Information Security:
• Designate who is responsible for managing security
• Secure your physical location
• Set up secure storage space
• Get employees to sign non-disclosure agreements
• Install network security components
REFERENCE:
Ward B, (2010). Available on YouTube, Retrieved on 07 March, 2014 from
