Most businesses have strong procedures for their internal information security. These include physical locks, shredders for sensitive documents, and procedures for discarding assets such as computer hard drives. But when it comes to their online data security, things are more complicated. Hackers target vulnerable systems to steal information and identities. As a business owner, you wouldn’t dream of leaving the back door of your company wide open to the world. But you are very likely ignoring the one in your data network.
To help you slam that door, here are 5 things to consider:
1) It’s time to get serious: Hackers are after you.
Today, small and medium-sized businesses (SMBs) are far too casual when it comes to the security of information. In fact, over 87% believe and act as if they are not a target of hackers. Owners of SMBs think they have little worth stealing.(1) A 2015 report from the Securities and Exchange Commission (SEC) showed that SMBs suffered 60% of known cyber attacks.(2) Hackers know that limited security resources and lack of in-house expertise make it easier to steal the Social Security or credit card numbers of employees and customers.
2) Have a strong data security policy.
To combat many of today’s cybersecurity vulnerabilities, it’s time to make or improve your data security policies. Data security issues are multi-faceted. Download policies, password protocols, and physical protection of devices are common. However, new threat opportunities are introduced all the time. Social media postings, use of personal devices, and mobile or remote access change the landscape for information security and open new doors for breaches.
Development begins with identifying threats. A framework then outlines and explains expectations. Administrative controls and access are defined. The policy should include training and consequences for noncompliance. To help, there are guidelines from software developers and government agencies such as the FTC (3) and SEC that employers can use to formulate strong, appropriate policies. The policy should also have language that follows the lifecycle of the data, which includes what information should be asked for. Pay attention to methods of disposing of data when it is no longer needed or mandated by law. Finally, the policy should include a plan of action in case of a data security breach.
3) Don’t help the hackers.
There is a continuous war between software developers and hackers. Developers grapple with an enemy that plunders their code with attacks from many angles, and they fight back with upgrades or defenses against known breaches. Then it all begins again as the hackers push and prod to find new exploitable openings. This makes updating software, antivirus, or anti-spyware tools more than an inconvenient chore.
Upgrading is time-consuming and easily overlooked or postponed. Automated updates to software, anti-malware, and anti-spyware tools allow more consistent implementation. But be aware that hackers are a smart and sneaky enemy. Many know how to turn off automated updates on systems so they can attack older software versions. Constant monitoring assures version compliance and protection. Additionally, updating firewalls, using encryption technology, and monitoring user access provide enhanced deterrents.
4) Provide support for your policies.
How often do we hear that simple passwords like 123456 or QWERTY were the culprits of a costly cyberattack? A strong policy and training for developing and changing passwords are strengthened by the right system-supported enforcement. Mandating strong passwords through a scripted process works better when combined with multi-factor authentication for retrieval. Hackers automate their password searches until they find a breach. Limiting the number of log-on attempts and enforcing a lock-out protocol provide additional security.
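The two enforcements described above, a scripted password check and a log-on attempt limit with lock-out, can be sketched as follows. This is an added example, not part of the original article; the thresholds, the short weak-password list, and the names `password_problems`, `LockoutTracker`, and `attempt_login` are assumptions chosen for illustration.

```python
import time

# Assumed policy values for illustration; set them from your own written policy.
MAX_ATTEMPTS = 5            # failed log-ons allowed inside the window
WINDOW_SECONDS = 15 * 60    # how far back failures are counted
LOCKOUT_SECONDS = 30 * 60   # how long the account stays locked
MIN_LENGTH = 12
# Constructed sample of well-known weak passwords (a real denylist is far longer).
WEAK_PASSWORDS = {"123456", "qwerty", "password", "letmein"}

def password_problems(password, username=""):
    """Return the list of policy rules a candidate password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if lowered in WEAK_PASSWORDS:
        problems.append("on the weak-password list")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    return problems

class LockoutTracker:
    """Counts failed log-ons per account and locks the account at the limit."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}       # account -> timestamps of recent failures
        self.locked_until = {}   # account -> time at which the lock expires

    def is_locked(self, account):
        return self.clock() < self.locked_until.get(account, 0)

    def record_failure(self, account):
        now = self.clock()
        recent = [t for t in self.failures.get(account, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[account] = now + LOCKOUT_SECONDS
        return self.is_locked(account)

def attempt_login(tracker, account, password_ok):
    """Apply the lock-out rule around a password check done elsewhere."""
    if tracker.is_locked(account):
        return "locked"          # refuse even a correct password while locked
    if password_ok:
        tracker.failures.pop(account, None)
        return "ok"
    return "locked" if tracker.record_failure(account) else "denied"
```

Checking the lock before the password means an automated guesser learns nothing during the lock-out, even if it eventually tries the right password.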
And remember, whether by accident or malicious intent, breaches can happen in-house. Simple precautions include limiting who can access what, but these are still subject to internal breach if computers are left open and unattended in the office. An automated log-off is a good precaution and keeps access appropriate. And it should go without saying that passwords should be kept secure and not posted near the computer.
5) Nothing is carved in stone.
Every day there are new threats to your data. But prioritizing security doesn’t have to impede the core functions of the business. Be aware of what’s happening on your network and plan to revisit policies on a routine basis. When upgrading to new equipment, software, or mobile apps, ask questions about security. Use the security protections already provided by your vendors and ask if additional security is available. Vet new employees against your security concerns and provide information and training. Be aware of how your systems are being accessed or viewed on mobile devices or in remote locations.
For all businesses, data security demands a plan and a budget. Even more important, it demands appropriate attention. The costs of a data breach or failure are felt in numerous ways that include lost revenue and productivity, fines, remediation, and lost reputation. Hackers have targeted SMBs because of their lack of attention to data security. But that is changing. There is no perfect data security system; however, most cybersecurity experts agree that it is far less expensive and time-consuming to prevent a breach than to fix one.
About the Author:
Patricia Moyer is an award-winning writer living in beautiful Tampa Bay, Florida. For over 10 years, she has written articles, sales copy, and blogs for numerous industries including e-commerce, software services, health & beauty, and the business opportunity markets.