All of the previous measures in personal and home security also apply to businesses. There are, however, other considerations that are important from a business perspective, for a couple of reasons.
The first is that you want to keep your business and its information safe and secure. The other is that when dealing with personal information you must comply with data protection laws.
You will have seen throughout this course that the threat, whether accidental or malicious, comes via a human. From a business perspective, training and awareness such as this short course are an essential part of protecting a business. There are, however, other things to consider, some of which are IT or technical related, but many are not.
In every business, there are guidelines, rules, policies and processes which provide a framework by which the business operates. Employees know what to do or what not to do, what the boundaries are, and the consequences for overstepping the mark. There should be similar policies and processes around the security of information within a business.
There are further aspects to consider.
Risk management. A key defence is to understand the information your business holds, who has access to it, how it can be accessed and the risk to that information, and then to look at what can be done to reduce, eliminate, transfer or accept that risk. Once you have completed this process, look at the IT measures that can help support it, and have a robust business continuity program in place for when things go wrong.
From a purely legal perspective, in the event of your business data being lost, stolen or otherwise compromised, the Information Commissioner will act based on what you could have done and should have done to prevent that loss. Failing to understand the risks and how to defend against them isn’t an excuse that they will accept.
The threat to your information is the biggest threat your business faces. Get an expert to help you with it, just as you would with your accounts etc. You wouldn’t do all your accounts without professional help, and this should be the same: use an information security professional.