Cyber attacks on big companies dominate the news, but small businesses are big targets, too. One in five small businesses fall victim to a cyber attack and of those, 60 percent go out of business in six months. In nearly every cyber attack, the goal is to steal and exploit sensitive data, which includes credit card information, bank account data, or personal identity information.
For a small business owner, this data can be found in checkout forms, employment applications, or customer databases. Any vulnerability in the security of this data can result in devastating consequences for both your customers and your business. Additionally, companies that are breached must alert potential fraud victims. The process to notify an entire customer base can be expensive, and even more importantly, will likely cause irreparable reputational harm to your business.
Know as little as possible
Hackers can’t steal what you don’t have. The more data you collect and store, the higher your cybersecurity liability. Don’t collect information you don’t need and only store information for as long as you have a legitimate business need.
Protect the data you need to keep
When your business needs to store sensitive data on a network, it is essential to maintain strong authentication procedures to make sure that only authorized individuals have access to the data. For starters, require unique passwords. You’d be surprised at how many people still use “password” as the one and only defense against hackers. Keep in mind that hackers have access to software that guesses passwords with common dictionary words. Insisting on complex passwords is the cheapest and easiest line of defense against hackers. Also, require individual accounts/passwords for each of your employees and implement a system that requires passwords to be reset every 30 days.
When establishing data protection procedures for your company, analyze the role of each employee and set data access control limits based upon the role. Use a “least-privilege” principle to allow employees to only access data necessary to perform his or her role.
If your business keeps very sensitive data, consider implementing two-factor authentication procedures to offer an extra level of protection from hackers who may try to guess passwords.
Educate your employees
Frequently, cybersecurity breaches stem from human error. These mistakes are easily preventable through thorough training. It is imperative to teach your staff the importance of protecting data, the procedures in place to protect your company’s data, and how to recognize the signs of a breach. Your business should have cybersecurity procedures in place that clearly outline that the responsibilities carried by employees as well as reporting procedures for lost or stolen devices that contain sensitive data.
Don’t Skip the Basics
Be mindful of the basic precautions you can take to protect your company’s data. Keeping your customers safe requires your own computer systems to be protected, and many of these protections can be fairly effortless once established. For example, make sure all computers are equipped with antivirus and antispyware software, consider white listing programs and automate the software updates. Use firewalls and spam filters as an additional line of defense. Keep your Wi-Fi network secure and hidden