If your business uses the Internet, here are some simple steps you can take to protect your sensitive online business information.
Small, Medium and Large Businesses Face the Same Online Data Security Risks – Take the Lead and Protect Your Business
Most small businesses depend on the Internet.
Whether it’s email, client logins, taking payments, or a website, your business data is out there, which means it’s at risk of falling into the wrong hands.
As a small- to medium-sized business owner, it’s important to take a leadership role in protecting your business information.
In the wake of events like the Equifax data breach it’s important to review a few helpful tips that could save your business headaches down the road.
If you’re a sole proprietor working out of your home, the Equifax breach puts your business information at risk – unless you have an EIN, which may help slow the criminals down.
Nine steps to protect your business information
1. Create difficult passwords, change them often, and use a password manager.
For more details, read our blog post about password management.
2. Use a paid email service
Look for security features like two-factor authentication, password monitoring, remote-wipe if there’s a lost device, etc. We talk about this a little in this blog post.
If you are hosting your own email server on-site, make sure that server is patched, has current virus protection, and has limited access (online and in-person).
3. Use virus and malware protection on all devices – yes even on a Mac.
I use Bitdefender because it works on Mac, PC, and Android devices, and they have reasonable packages for up to 10 devices.
4. Keep your devices up-to-date.
When you receive a security notice to update your computer, an app, server or phone, these are security updates that protect your device (and ultimately your data). This is your ‘front line’ of defense.
The Equifax breach may have occurred because an application wasn’t patched properly.
5. Use a PCI-compliant service to manage payments
The Payment Card Industry (PCI) (e.g., VISA, MasterCard, Discover, etc.) has a set of standards for protecting personally identifiable information (social security number, name, address, financial information, etc.).
Whenever possible, ask the customer to enter their own information through an online portal or your point of sale system. If you are handling paper files with credit card information you are responsible for protecting it.
6. Protect important business documents – on paper and in the cloud
Don’t leave sensitive information lying around the office (money, bank statements, trade secrets, etc.).
Limit access to files so employees can only see what is essential to do their job. Encrypt files on devices (FileVault, BitLocker), in the cloud, or on servers.
Oh, and back everything up.
7. Be aware of sophisticated email attacks
Your organization is only as strong as its weakest link – and criminals know it.
One of the more advanced and prevalent email scams is called spear phishing. These messages:
- Appear to be from someone you know;
- Make a very urgent request; and
- Usually involve handing over information that could be used to harm your organization (e.g., financial information, usernames/passwords).
When an email seems out of character, give the person a call to confirm the request.
8. Establish employee guidelines for website and social media use
9. Protect your devices – avoid open, unsecured, or public Wi-Fi
I love this SANS OUCH newsletter, which provides some great advice for securing your information while traveling. This information applies if you work in coffee shops or libraries (if everyone knows the network password, it’s not secure).
There are many additional ways to protect your small business from cyber-crimes.
The most important thing to remember is to make it difficult for a criminal to access your information, making it more likely criminals will move on to an easier target.
It may seem overwhelming to change your processes to protect your information. But look at the costs of doing nothing.
It costs well over $150,000 for the average small- to medium-sized business to recover from a cyber attack. Not only that, but 90% of small- to medium-sized businesses close permanently within 2 years of an attack. These stats, and more, are in the infographic below.
A little leadership goes a long way. Your organization is never too small or too big for an attack.
Don’t be scared, be smart.
Infographic Source: https://smallbiztrends.com/infographics/small-business-cyber-security