Many small business owners and managers can fall into the trap of not being concerned about data security. They believe that they are too small for hackers to care about. In truth, however, one in two small businesses has a security breach each year.
There’s a good reason why attackers target small businesses – they tend to have plenty of customer data and poor security, making them easy to break into. Hackers use automated means to target these businesses, and can easily get into hundreds of small businesses within short periods of time. The scale of these efforts ensures that the small size of these businesses doesn’t matter.
Companies that tend to be indifferent about data security are often just unaware of the risk, or because they lack the time or the expertise to ensure proper security. If you are a small business owner, you need to make sure that your company doesn’t add to the data breach statistic. It can help to take a few steps to ensure that your business remains secure.
Install a firewall
According to the FCC, a firewall is one of the best first lines of defense that small businesses can adopt against cybercrime. Not only should businesses get an external firewall, an internal one is advisable, as well. It’s also important for employees working from home to install firewalls on their computers.
Take formal note of your company’s cybersecurity system
Often, cybersecurity policies at businesses are a matter of intuitional knowledge, rather than documented policy. It’s important to introduce formal rules regarding cybersecurity. One of the easiest ways to develop documented cybersecurity rules is to use the resources available at the cybersecurity portal on the Small Business Administration’s website. You can take advantage of online training provided and make use of the checklists offered. You can even get started on your cybersecurity document by using the Cyberplanner 2.0 resource that the FCC provides.
Create a policy for mobile devices
Many small businesses allow employees to bring their own mobile devices to work. It is important, then, for businesses to create a properly documented security policy for such devices. It is also a good idea for businesses to make sure that the company password policy applies to all personal devices brought in by employees.
Offer employee training
At small organizations, employees tend to function in multiple roles. For this reason, it’s important that all employees receive training in cybersecurity practices. Employees should also sign documents agreeing to follow the practices that they learn.
Adopt good password practices
Studies reveal that two out of three cybersecurity breaches happen because of passwords that are either weak or are not kept adequately secret. Some studies even reveal that small businesses neglect to enforce password rules when they have them. At a time when mobile devices often have full access to company resources, it’s important that all employees be required to follow all password rules.
Get effective security software
It doesn’t make sense to simply believe that your employees know enough to not open phishing emails. No matter how much training you may offer your employees, there is always the possibility that someone will be careless. For this reason, it’s important to make sure that antivirus and other malware fighting software is installed on every device that accesses the company network.
Enforce a strong data backup policy
It’s important to have a fallback plan. Should a breach occur and cause you to lose your data, you should have up-to-date backups of files to do with all financial information, and every file critical to the business.
Businesses often neglect to adequately care about cyber security for the simple reason that they assume they will never be targeted. Statistics, however, show that the threat to small businesses is real. While ensuring cybersecurity can be a hassle, it’s still important that businesses pay heed to the need for security.
