Updated: Dec 13, 2019
News reports of cyber attacks and security breaches are becoming increasingly frequent. From large conglomerates like Target and Home Depot to fast food restaurants, organizations from all industries have fallen victim to hackers.
Cyber attacks don’t just happen to big companies. A recent Forbes article noted that 20% of small to midsized businesses have been targeted by cyber crimes and the cost of these hacks is estimated to reach $2 trillion by 2019. Though a small business owner may assume that his or her enterprise is too small to be at risk or it is too expensive to adequately protect company data, cybersecurity should not be ignored. Small businesses are often targeted by hackers because they tend to have weaker security procedures in place.
In nearly every cyber attack, the goal is to steal and exploit sensitive data, which includes credit card information, bank account data, or personal identity information. For a small business owner, this data can be found in checkout forms, employment applications, or customer databases. Any vulnerability in the security of this data can result in devastating consequences for both your customers and your business. Additionally, companies that are breached must alert potential fraud victims. The process to notify an entire customer base can be expensive, and even more importantly, will likely cause irreparable reputational harm to your business.
How can your small business reduce its risk for a cyberattack? Here are five basic tips:
Hackers can’t steal what you don’t have. The more data you collect and store, the higher your cybersecurity liability. Don’t collect information you don’t need and only store information for as long as you have a legitimate business need. In addition to an increased risk for a cyber attack, businesses that are careless with customer data can be charged by the Federal Trade Commission (FTC).
When your business needs to store sensitive data on a network, it is essential to maintain strong authentication procedures to make sure that only authorized individuals have access to the data. For starters, require unique passwords. You’d be surprised at how many people still use “password” or “qwerty” as the one and only defense against hackers. Keep in mind that hackers have access to software that guesses passwords with common dictionary words. Insisting on complex passwords is the cheapest and easiest line of defense against hackers. Also, require individual accounts/passwords for each of your employees and implement a system that requires passwords to be reset every 90 days.
When establishing data protection procedures for your company, analyze the role of each employee and set data access control limits based upon the role. Use a “least-privilege” principle to allow each employee to access only the data necessary to perform his or her role.
If your business keeps very sensitive data, consider implementing two-factor authentication procedures to offer an extra level of protection from hackers who may try to guess passwords.
Frequently, cybersecurity breaches stem from human error. These mistakes are easily preventable through thorough training. It is imperative to teach your staff the importance of protecting data, the procedures in place to protect your company’s data, and how to recognize the signs of a breach. Your business should have cybersecurity procedures in place that clearly outline the responsibilities carried by employees as well as reporting procedures for lost or stolen devices that contain sensitive data.
Credit card information is arguably the top target for hackers, so make sure your business uses the most trusted and validated tools to process payments. In fact, your business agreements with your bank or payment processor may include additional security obligations. Separate your payment system from other, less secure programs and do not use the same computer to process payments and surf the internet.
Be mindful of the basic precautions you can take to protect your company’s data. Keeping your customers safe requires your own computer systems to be protected, and many of these protections can be fairly effortless once established. For example, make sure all computers are equipped with antivirus and antispyware software and automate the software updates. Use firewalls and spam filters as an additional line of defense. Keep your Wi-Fi network secure and hidden.
For more information about cybersecurity and data protection, check out the Federal Trade Commission’s “Start with Security: A Guide for Business” or Stay Safe Online, an online resource center supported by the National Cyber Security Alliance.