Ambasada Innowacji Korporacyjnych
Security

Data security without spending a fortune

By Bartosz Małecki, Implementation Specialist · September 30, 2024 · 5 min read

Many people think that hackers only attack banks in Warsaw or huge corporations. The truth is that last year, 14 local companies from Poznań we spoke with lost access to their email through one employee error. You don't need to buy servers for millions to sleep peacefully.

Why a hacker isn't looking for your company (but will find it anyway)

At the Corporate Innovation Embassy, we often hear that a small business is not a target. This is a mistake that causes a lot of stress. Hackers don't sit around in hoodies typing your company's name into a console. They release automated programs that check thousands of addresses at once. If your password is 'Autumn2023', such a program will crack it in 3.2 seconds. They don't need any magic for that. This is exactly how the data of 83 clients leaked from a small accounting office we served in March.

Most security problems stem from messiness, not from a lack of expensive equipment. We respect the old rules, so we know that keeping paperwork in order is fundamental. It's the same on a computer. We noticed that among our 47 active clients, the weakest link was an old laptop lying in a corner that no one had updated for three years. This is like leaving the warehouse doors open at night. It might seem like nothing has happened for a month, but eventually someone will walk in and check what's inside.

We apply process diplomacy here. Instead of forcing people to change passwords every week, which only ends with yellow sticky notes on the monitor, we teach them to recognize strange emails. Last quarter, our clients reported 12 phishing attempts to us. All were stopped because people knew what to look for. This cost us exactly zero zlotys in equipment and saved companies from the huge stress of official audits.

Security is not a matter of expensive boxes with blinking lights, but of what your people do in front of the monitor.

The clean desk rule and technology the human way

Technology the human way means that a system should help, not hinder work. If security is too difficult, employees will start bypassing it. We've seen this dozens of times. People send passwords on messaging apps because the company login system requires 20 characters and an SMS code every half hour. This is a recipe for disaster. We focus on simple steps that actually work without breaking what has worked in the office for years.

A real-life example: a small workshop, 7 people on board. The boss was afraid that if he introduced logins on every computer, the guys would stop working because they would spend their time signing in. We set them up with fingerprint readers for 156 PLN each. It works faster than typing a name, and the computer locks when the mechanic walks away from the desk. This is exactly what we call implementing technology where peace of mind counts. No one complains, and the data is secure.

It's also worth looking at what's left on the printers. We respect the old rules, but leaving invoices with the data of 124 contractors in a public place is asking for trouble. In one office in Poznań, we introduced the 'follow-me printing' rule. A document only prints when you tap your card on the device. Implementation cost? A few hours of our work and configuring what they already had on-site. Zero new purchases, and data privacy increased by 67%.


A backup that actually restores data

Everyone says they do backups. But few check if anything can be recovered from them. We had a case in July 2024 where a company was sure everything was being copied. When the disk with the order database failed, it turned out the backup had been empty for 11 months. That was a cold shower. At the Corporate Innovation Embassy, we check such things every quarter. It's our routine that allows us and our clients to sleep peacefully.

A good backup doesn't have to cost 2,400 PLN a month for a cloud subscription. For a small business, a simple network drive and one encrypted copy sent once a week outside the office is often enough. This is a solution for a few hundred zlotys that saves a company from collapse. When one of the companies we serve experienced a power surge and three computers burned out, restoring everything to a usable state took us exactly 2h 14min.

Remember that a backup is insurance. You don't buy it to use every day, but so you don't go bankrupt when something goes wrong. (Heads-up: if you keep the backup on the same disk as the original, it's like keeping a spare key to a safe inside that safe.) Check today where your files end up. If you don't know, you probably don't have them.

A backup is worth as much as the restoration test performed in the last month.
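The quarterly restore test described above can be scripted. The following is an added example, not part of the original article or the company's own tooling: it assumes the weekly copy is a tar archive, and the names `restore_test` and `demo` and the sample files are hypothetical.

```python
import hashlib
import tarfile
import tempfile
import time
from pathlib import Path, PurePosixPath

def restore_test(archive: Path, source: Path, max_age_days: int = 7) -> list[str]:
    """Return the problems found; an empty list means the backup restores."""
    if not archive.is_file():
        return [f"backup missing: {archive.name}"]
    problems = []
    age_days = (time.time() - archive.stat().st_mtime) / 86400
    if age_days > max_age_days:
        problems.append(f"backup is {age_days:.0f} days old")
    restored = {}  # relative path -> SHA-256 of the bytes read back
    try:
        with tarfile.open(archive) as tar:
            for member in tar:
                if member.isfile():
                    # Read into memory only: nothing in the archive can write to disk.
                    data = tar.extractfile(member).read()
                    name = PurePosixPath(member.name).as_posix()
                    restored[name] = hashlib.sha256(data).hexdigest()
    except (tarfile.TarError, OSError, EOFError) as exc:
        return problems + [f"archive unreadable: {exc}"]
    if not restored:
        problems.append("backup is empty")
    # Every file in the live folder must come back byte-for-byte from the copy.
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source).as_posix()
        if rel not in restored:
            problems.append(f"not in backup: {rel}")
        elif restored[rel] != hashlib.sha256(src.read_bytes()).hexdigest():
            problems.append(f"differs from source: {rel}")
    return problems

def demo() -> dict[str, list[str]]:
    """Constructed sample data: a good backup, an empty one, and a missing one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "office"
        (source / "invoices").mkdir(parents=True)
        (source / "orders.db").write_bytes(b"order 1\norder 2\n")
        (source / "invoices" / "2024-07.csv").write_text("client,amount\n")
        with tarfile.open(root / "good.tar.gz", "w:gz") as tar:
            for p in (f for f in source.rglob("*") if f.is_file()):
                tar.add(p, arcname=p.relative_to(source).as_posix())
        tarfile.open(root / "empty.tar.gz", "w:gz").close()  # valid archive, no files
        names = ("good", "empty", "missing")
        return {n: restore_test(root / f"{n}.tar.gz", source) for n in names}
```

Calling `demo()` shows the empty archive failing the test even though the file exists and opens without error, which is the situation the July 2024 case describes.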

Security budget: how to save 3,800 PLN a year

Software vendors will tell you that you need an 'Enterprise' package for several thousand euros. That's nonsense. Most small and medium-sized businesses in Poland need solid foundations, not protection against intelligence agency attacks. By focusing on free features you already have in Windows or your email, you can save real money. We calculated that for one of our clients, giving up unnecessary security subscriptions saved 3,800 PLN per workstation per year.

Instead of buying another program, invest 15 minutes in a conversation with employees once a month. This is the cheapest and most effective tool. Show them what a fake invoice looks like. Explain why you shouldn't plug a USB stick found in the parking lot into the accountant's computer. Such meetings build a culture of responsibility. People feel they are taking care of a common good, not that they are being watched by an IT 'big brother'.

Our approach is process diplomacy in its purest form. We don't tear up your rules; we fit the technology to them. If your company has been working on paper forms for 8 years, we won't force you to switch to a system no one understands. We'll show you how to safely scan those forms and where to keep them so they are accessible only to authorized people. This is real security that doesn't cost a fortune.


A simple to-do list for next Monday

You don't have to change everything at once. Start with small things. Check if everyone on your team has their own account on the computer. A shared 'OFFICE' account with the password '1234' is the quickest route to trouble, because when a mistake is made, there is no way to tell who made it. Separating accounts takes 10 minutes per computer and costs nothing. This is the first step towards peace of mind, which we promote at the Corporate Innovation Embassy.

Secondly, review the list of people who have access to your corporate banking. It often happens that people who haven't worked for you for a long time still have permissions. In June, we helped a Poznań company clean up such access – it turned out that 3 former employees could still view the statements. This isn't a matter of lack of trust, but of work hygiene. We respect old rules, and one of them is that keys are returned when the job is over.

If you have any doubts, just ask. You don't need to be an IT expert to run a secure business. We are here to translate technology into human language. (To be honest, we solve most problems during one short visit to the office.) Don't wait until 2,400 PLN disappears from your account because of one careless transfer. Start taking care of your data now, using what you already have at hand.