As information security breaches become more widespread, is your business taking the necessary steps to protect its most valuable data?
Last year, a “colossal breach” of government computer systems affected an estimated 21.5 million Americans, as foreign hackers made off with a treasure trove of personal data including Social Security numbers and fingerprints, reports the New York Times. During the busy holiday shopping season in 2013, a major retailer made headlines not for its sales, but for its security vulnerabilities. Hackers stole credit card data from more than 40 million accounts.
Think only large companies are the targets of security breaches? Think again. While major data breaches affecting large corporations and even the U.S. government make headlines, small businesses can be security victims, too. Quickbooks warns that a lackadaisical approach to server passwords, wireless network security, software upgrades and cloud data storage could set small business on a collision path for a major security breach. For a small insurance agency, a data breach could be devastating. Insurance agents build their reputation on their ability to protect clients from disaster, not bring disaster into their lives!
Wireless network security, software upgrades, company passwords, and cloud storage selection can all play an important role in keeping your small business protected. Employee training is also essential. Both the Small Business Association and the FCC lists “employee training” as the number one way small businesses can strengthen their cyber security protections.
In addition to develop a protocol for training employees about digital security, keep the following considerations in mind.
1. Secure your Wi-Fi network. The FCC recommends using a secure, encrypted and hidden Wi-Fi business network. A “hidden” network is one that can only be accessed by a known user; the Wi-Fi network will not broadcast the network name. Per FCC recommendation, use the Service Set Identifier (SSID) protocol to protect router access and hide your network.
2. Limit employee access to confidential data. The more employees who have access to confidential data, the greater the risk for a potential security breach, says the FCC. Only allow employees access to the immediate data they need for their specific job. The FCC cautions against allowing any one employee total access to confidential data as even an inadvertent security breach due to negligence could have devastating consequence. Finally, consider how your business is tracking clients. The FCC recommend against using Social Security numbers to identify customers.
3. Think twice about cloud storage. There are a number of benefits to cloud storage, reports Quickbooks, including being cost efficient, allowing easy access to your data from anywhere, enhancing collaboration, and ensuring data is automatically backed up. That said, not all cloud storage servers offer both encryption and decryption of files as part of their service contracts. When selecting a cloud service provider, an additional consideration is whether the provider will limit file access to vetted employees. Talk to your current provider about your security needs and how best to protect your confidential data.
4. BYOD concerns. The BYOD (bring-your-own-device) trend presents additional security considerations, including data leakage. Securing employee smartphones and computers can be a challenge. Security firm Sophos recommends enforcing strong passwords on all devices, using anti-virus protection to reduce the risk for data loss, and using mobile device management to quickly wipe sensitive data should a device be lost or stolen.
Cyber security is important for businesses of all sizes, not just large corporations. Something as simple as an unsecured Wi-Fi network or an unencrypted cloud storage server could open your small business up to a host of vulnerabilities, cautions the FCC. Now is the time to assess potential vulnerabilities and take steps to help strengthen security measures. While you can certainly upgrade your security after an attack, regaining client trust may prove to be an uphill battle.