Small business owners always have a lot on their minds. They are consumed by thoughts about delivering great customer service and keeping products and services on the cutting edge to keep up with competitors.
With all of this on a business owner's mind, something that often gets overlooked is security. Security may be thought about, but it never really gets much attention until you are actually impacted by a breach.
How to avoid a breach:
1. Collect only the needed information and data:
When you start establishing the client base for your business, you will need to collect information and data about your clients. Some of this will include contact information (such as name, address, and phone number) and possibly even credit card information. The database platform in which you store all of this should not only be secured, but also hold very limited data. For example, do you really need to store the credit card information? This saves time for your customer, yes, but if this financial data is stolen or compromised in any way, you will be held both legally and financially responsible. In fact, the average cost to a small business owner for this type of data loss is a staggering $280,000.
2. Make sure the passwords you establish are hard for a cyber attacker to hack:
This is a topic that has been addressed in previous blogs, and yes, it is still one of the weakest links in the security chain for small business owners. It is always important to make sure your employees are on top of their game when it comes to creating strong passwords and not sharing them with anybody else. These standards need to be established in your security policies and firmly enforced. Seriously consider using a password manager to help create and store long and complex passwords. Implement Two-Factor Authentication (2FA), in which more than one layer of security is used to protect your company data. A great tool for this is Biometrics, either Fingerprint or Iris Recognition.
3. Make sure you use the proper levels of Encryption:
This simply means that any communication (especially email) remains in a “garbled state” and stays that way until it is received by the legitimate party. This helps to ensure that if it were to be intercepted by a cyber attacker, he or she will be unable to decipher it. Although this does not guarantee 100% security, the idea is that the cyber attacker will get frustrated by the time it takes to unscramble the message and, as a result, will move on to a much less protected target.
4. Limit network access:
For any business, large or small, the network component is at the heart of the IT infrastructure. After all, the servers reside here, and from them your employees and other related personnel (such as outside vendors and contractors) can access information and data. Therefore, not only should you restrict permissions, but you also need to make sure all lines of communication between servers, workstations, and wireless devices are secure. In this respect, you should consider using Virtual Private Networks (VPNs). You also need to know where all of this mission-critical information and data reside on your servers. Consider these stats:
- Only 16% of small business owners know where their structured data resides
- Only 7% know the location of the unstructured data
5. Not all cyber-attacks target electronic data:
There is a misconception that only electronic information is subject to an attack. Keep in mind that physical documents can also be a prime target, especially in an inside attack. Make sure the storage places within your business remain secure, and that only those employees who absolutely need access to them have the keys. If you dispose of any sensitive paper documents, make sure you shred them first. There are no laws preventing “dumpster diving,” and anybody can comb through your trash receptacles that are located outside. You may even want to consider outsourcing this function to a reputable paper shredding company.
These tips are meant to get you thinking about the steps you can take to fortify the lines of defense for your small business. You may even want to consider hiring a cybersecurity consultant to help you assess where you stand, or to train your employees in cybersecurity. The money spent will be worth it in the end.