Back to top

Encompass® Agency Insights & Articles



Cyber Security in the Information Age: Is your Small Business Safe?

Laptop..

As information security breaches become more widespread, is your business taking the necessary steps to protect its most valuable data?

Last year, a “colossal breach” of government computer systems affected an estimated 21.5 million Americans, as foreign hackers made off with a treasure trove of personal data including Social Security numbers and fingerprints, reports the New York Times. During the busy holiday shopping season in 2013, a major retailer made headlines not for its sales, but for its security vulnerabilities. Hackers stole credit card data from more than 40 million accounts.

Think only large companies are the targets of security breaches? Think again. While major data breaches affecting large corporations and even the U.S. government make headlines, small businesses can be security victims, too. Quickbooks warns that a lackadaisical approach to server passwords, wireless network security, software upgrades and cloud data storage could set small business on a collision path for a major security breach. For a small insurance agency, a data breach could be devastating. Insurance agents build their reputation on their ability to protect clients from disaster, not bring disaster into their lives!

Wireless network security, software upgrades, company passwords, and cloud storage selection can all play an important role in keeping your small business protected. Employee training is also essential. Both the Small Business Association and the FCC lists “employee training” as the number one way small businesses can strengthen their cyber security protections.

In addition to develop a protocol for training employees about digital security, keep the following considerations in mind.

1. Secure your Wi-Fi network. The FCC recommends using a secure, encrypted and hidden Wi-Fi business network. A “hidden” network is one that can only be accessed by a known user; the Wi-Fi network will not broadcast the network name. Per FCC recommendation, use the Service Set Identifier (SSID) protocol to protect router access and hide your network.

2. Limit employee access to confidential data. The more employees who have access to confidential data, the greater the risk for a potential security breach, says the FCC. Only allow employees access to the immediate data they need for their specific job. The FCC cautions against allowing any one employee total access to confidential data as even an inadvertent security breach due to negligence could have devastating consequence. Finally, consider how your business is tracking clients. The FCC recommend against using Social Security numbers to identify customers.

3. Think twice about cloud storage. There are a number of benefits to cloud storage, reports Quickbooks, including being cost efficient, allowing easy access to your data from anywhere, enhancing collaboration, and ensuring data is automatically backed up. That said, not all cloud storage servers offer both encryption and decryption of files as part of their service contracts. When selecting a cloud service provider, an additional consideration is whether the provider will limit file access to vetted employees. Talk to your current provider about your security needs and how best to protect your confidential data.

4. BYOD concerns. The BYOD (bring-your-own-device) trend presents additional security considerations, including data leakage. Securing employee smartphones and computers can be a challenge. Security firm Sophos recommends enforcing strong passwords on all devices, using anti-virus protection to reduce the risk for data loss, and using mobile device management to quickly wipe sensitive data should a device be lost or stolen.

Cyber security is important for businesses of all sizes, not just large corporations. Something as simple as an unsecured Wi-Fi network or an unencrypted cloud storage server could open your small business up to a host of vulnerabilities, cautions the FCC. Now is the time to assess potential vulnerabilities and take steps to help strengthen security measures. While you can certainly upgrade your security after an attack, regaining client trust may prove to be an uphill battle.

The general information contained in The Encompass Blog is provided as a courtesy, and is for informational and entertainment purposes only. The contents of this website are subject to periodic change without notice. Information provided on The Encompass Blog is not intended to replace official sources. Although attempts will be made to ensure that the information is accurate and timely, the information is presented "as is" and without warranties. Information contained on The Encompass Blog should not be mistaken for professional advice. Information contained herein should not be considered error-free and should not be used as the exclusive basis for decision-making. Use of website information is strictly voluntary and at the user's sole risk. We encourage you to obtain personal advice from qualified professionals when making decision regarding your specific situation. Other resources linked from these pages are maintained by independent providers. The Encompass Blog does not monitor all linked resources and cannot guarantee their accuracy. Statements, views and opinions included in an independent provider's material are strictly those of the author(s). These views may not necessarily represent the opinions or policies of The Encompass Blog, the Encompass family of companies or its agents, officers or employees.

ECC Monitor: OK