You and your colleagues have invested untold amounts of time, energy and capital into your business. You want to protect it from potential threats - ranging from burglars to computer viruses to fire.
By Reed Richardson

Security is especially critical for small companies. Small firms have fewer resources than their larger competitors, so they tend to suffer disproportionately when security problems occur: For example, a negligible theft or computer virus at a big corporation might cripple a small business. Many small businesses are strapped for time and cash, however, so they often fail to take sufficient precautions to protect themselves. That's a big mistake. Security investments not only keep your company safe - they pay for themselves many times over. The following sections outline the most important steps you can take to protect your firm's information, assets and employees.


Digital Security

The digital revolution has given small businesses capabilities that were once the exclusive domain of their big competitors - from fast, high-quality publishing to instant global communication. But those technologies also have brought new dangers, including hackers, viruses, worms, Trojan horses, spyware, adware and other digital beasties.

A recent study by the Small Business Technology Institute (SBTI) in San Jose, California, found that most small businesses are inadequately protected - and the problem is getting worse. "Small businesses are using increasingly sophisticated technology," says Patrick Cook, an analyst with SBTI. "But their digital security systems aren't keeping up, so they are increasingly vulnerable."

The study found that more than half of small businesses had experienced an information security incident in the previous 12 months, and one in ten small businesses had suffered five or more. Some of those incidents resulted in catastrophic data loss or theft, but the majority had less obvious repercussions. "The biggest problem was lost productivity," says Cook. "Viruses, adware, spyware and other intrusions lead to downtime for networks and employees, and that costs businesses a lot of money."

Mike Faoila, president of Boston-area printing company Arlington Lithograph, learned that lesson seven years ago. The 25-employee business upgraded to an entirely digital printing process in 1995 - and experienced its first virus in 1998. "Four of our six workstations were disabled," says Faoila. "Everything ground to a halt."

Faoila discovered that the company's antivirus software was six months out of date. A quick upgrade took care of the problem - and the experience made Faoila a true believer in the importance of data security. "That was probably the best thing that could have happened to us," he says. "Everything we do depends on our computers. Security takes a small investment of time and money - and it pays for itself even if it just prevents one workstation from going down for one day."

The moral: Investments in network security can boost your bottom line. Cook recommends increasing your business's digital security expenditures in line with your investments in computers, servers, and networking equipment.

The following steps will help you spend that money wisely:

Put up firewalls.
Firewalls prevent hackers from peering inside your network. They come as both hardware and software products - your firm should have both. Make sure firewalls are installed both on your computer network and on each computer, including those connecting remotely.

Use powerful passwords.
For passwords to do their job, they should contain at least eight characters and some combination of upper- and lower-case letters, digits, and symbols. Make sure everyone at your company changes passwords every few months.

Patch holes automatically.
Make sure your operating systems have all the latest security patches. This is a snap: Simply go to the OS maker's Web site and sign up for automatic security updates. The site will upload any new patches to your computers as soon as they become available.

Use free security tools.
For example, Windows XP contains a high-quality built-in software firewall, and Symantec, Microsoft and other software companies offer free spyware scans on their Web sites.

Inoculate against viruses.
Install up-to-date anti-virus software on every networked computer. Make sure it's set to download updates automatically.

Surf with care.
Enable your Web browser's security settings (you usually can find these in the "preferences" menu), and never click on pop-up ads.

Email intelligently.
Never open attachments from unknown senders, or attachments with extensions you don't recognize.

Back up data files.
Assign one employee daily back-up duty, and test the system regularly to see if information can be restored from the backup copies.

Hide your wireless network.
Wireless networks are relatively easy for malefactors to exploit. Use Wi-Fi Protected Access (WPA), which encrypts wireless data and prevents intruders. Avoid older systems such as Wired Equivalent Privacy, which have less protection.

Audit your security systems.
Hire an IT consultant to perform an annual security audit that includes an examination of every machine at the company.
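
The "Back up data files" step above says to test whether information can actually be restored. The following is an added example, not part of the original article: it compares a test restore against the live files by SHA-256 digest and reports what is missing or damaged. The folder names, file names and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its digest."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(source: Path, restored: Path) -> dict:
    """Compare a test restore against the live data it should reproduce."""
    src, dst = snapshot(source), snapshot(restored)
    return {
        "missing": sorted(set(src) - set(dst)),     # never made it into the backup
        "corrupt": sorted(n for n in src.keys() & dst.keys() if src[n] != dst[n]),
        "unexpected": sorted(set(dst) - set(src)),  # only in the restored copy
    }


def demo() -> dict:
    """Constructed sample: three files, restored with one lost and one truncated."""
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        (live / "contracts").mkdir(parents=True)
        (restored / "contracts").mkdir(parents=True)
        (live / "customers.csv").write_text("id,name\n1,Acme\n")
        (live / "invoices.csv").write_text("inv,amount\n100,250.00\n")
        (live / "contracts" / "acme.txt").write_text("sample contract\n")
        (restored / "customers.csv").write_text("id,name\n1,Acme\n")
        (restored / "invoices.csv").write_text("inv,amount\n100,25")  # truncated copy
        return verify_restore(live, restored)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names or 'none'}")
```

Files edited after the backup ran will also be reported as corrupt, so run the comparison right after the backup completes or against digests recorded at backup time.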

Vital Records Protection
Chances are, your business would be in big trouble if a fire or natural disaster destroyed documents such as customer lists, contracts, invoices, and insurance documents. In fact, Steve Aronson of the records protection firm Fire King International reports that only half of all businesses that experience total records loss survive the following year.

The good news: It's relatively simple to protect such documents. Store them in file cabinets that are rated by Underwriters Laboratories to withstand one hour of fire as well as heavy impacts. Impact protection is critical, since large fires typically cause roofs or floors to cave in. Such cabinets typically cost two to three times the amount of an ordinary steel filing cabinet - a small investment to protect your firm's most valuable records.

Digital records stored on CDs, hard drives, and other digital media are more sensitive, so they need greater protection. Be sure to keep those records in a data safe rated by Underwriters Laboratories to keep contents below 125 degrees and 80% humidity for at least an hour during a fire.

Physical Location Security

Many small businesses will be well served by hiring a security vendor to monitor their premises and deter robbery, vandalism and other physical threats. Security vendors can tailor a system that keeps a lookout using digital video cameras and a variety of sensors, and then relays important information to key business members and law enforcement. (The cost will vary widely depending on your security needs.) Select a reputable vendor recommended by your chamber of commerce or other small businesspeople and certified by the National Burglar and Fire Alarm Association (NBFAA).

Meanwhile, take the following security precautions:

  • Make frequent deposits to reduce the amount of cash on hand.

  • Maintain adequate lighting, both inside and outside your facility.

  • Eliminate hiding places around the premises by keeping grounds clean and spacing out trees and bushes.

  • Change locks regularly, particularly if you have high employee turnover.

  • Use safes that carry Underwriters Laboratories ratings of five or higher.

  • Contact local police about performing a security audit.


Fraud is more common - and more costly - than you might think. The Association of Certified Fraud Examiners (ACFE) estimates that the typical business loses 6% of its annual revenue to fraud. Losses are even worse for small businesses: Small businesses that suffered from fraud lost a median of $98,000 - more than all but the very largest organizations.

Create a positive work environment.
"Employee resentment creates an environment ripe for fraud," says Larry Cook, a fraud examiner in Kansas City. Some essential elements of a positive environment include:

Integrity at the top. If the owner takes cash from the till without recording it, he sends the message that doing so is okay.

Written job descriptions. Job descriptions create clear responsibilities, so employees don't feel put-upon.

Open lines of communication and clear lines of authority. Workers need to know that complaints will be dealt with fairly and expediently.

Separate financial responsibilities. It's best if the people who handle the money are not the same people who record transactions.

Limit access to valuable assets and information.
Such items include cash, tools, and other pricey equipment, intellectual property, and accounting and human resources records.

Create strong fraud policies.
Fraud and ethics policies should be written and distributed to all employees - including senior management. The ACFE found that the higher a fraudulent employee's rank, the more expensive the fraud.

Conduct thorough background checks.
Examine an applicant's criminal record, driving record, and history of civil lawsuits, and verify the information on the resume or application. Look for warning signs such as arrests for violent offenses or lawsuits for fraudulent conduct or collection of funds. Important: The applicant must sign a release allowing you to look into these matters, or you risk running afoul of privacy laws.

Build an anonymous reporting system.
The majority of fraud that's discovered is reported by whistle-blowing employees. As a result, companies with confidential reporting mechanisms lose only half as much to fraud as those without them, according to the ACFE. Make sure employees, customers, and vendors know about the system. You can outsource your reporting system to a vendor, or simply maintain a phone line that goes straight to voice mail.

Perform regular and irregular audits.
You can hire a security firm to gauge your fraud-prevention controls. That's likely to be expensive - typically more than $10,000. Alternatively, fraud-investigation firm CVA Solutions offers a well-regarded vulnerability assessment at

Use video cameras - but only where necessary.
Closed circuit cameras are one of the best ways to deter employee theft, and advances in digital technology have made them far more affordable and easier to use. Employees generally don't mind surveillance cameras, as long as they are clearly used to prevent fraud - not to catch loafing.

Investigate incidents promptly.
Doing so will discourage future fraud, and encourage whistle blowers.

Guarding your business against digital intrusion, records loss, robbery, and fraud is essential and can make the difference between the success or failure of your enterprise. The process may not be easy, and certainly will require an investment of time and cash - two things in short supply at many small businesses. But those investments will reap generous returns. Protecting your firm from the various threats it faces may increase productivity, decrease losses to theft, and keep you afloat after a calamitous event - and it also will dramatically improve your peace of mind.

Reed Richardson is an associate writer/editor for Business 24/7 magazine.