Cybercrime and the losses associated with it are on the rise. According to the Insurance Information Institute, in 2017, reported data breaches were up 44 percent and this number is likely to rise again.
It's not just large corporations that hackers are interested in as more and more small businesses are increasingly being targeted. A growing number of cybercriminals are performing "supply chain attacks" which involves hacking small businesses first in order to gain access to the larger corporations they work with. Therefore, it is critical for you and your employees to know how to protect your business by keeping these following tips in mind:
- Inform yourself. The guide "Small Business Information Security: The Fundamentals" offers a clear and concise overview of the cybersecurity issues that small business owners need to be aware of. It covers everything from understanding your risk to recovering lost data in the event of a breach.
- Update your software regularly. This not only makes your devices run better, but it also protects them against vulnerabilities.
- Install robust cybersecurity software. If possible, hire a cybersecurity expert to design a system that meets your company's specific needs. This should include at the very least a good firewall, as well as antivirus and malware programs.
- Limit access to sensitive data. Use two-step or three-step authentication to protect highly sensitive files such as employees' personal data and customers' credit card information. Also, make sure that staff who change roles don't keep permissions they no longer need.
- Use encryption. Encryption renders data illegible to people who don't have the key to decipher it. Business News Daily reports that both Windows and OSX operating systems have built-in encryption options that can protect the data on your hard drive. There are also third-party encryption programs available; plus, some cybersecurity vendors offer it as part of their security suites.
- Train your staff in cybersecurity. According to Forbes, it's important to make sure your staff knows how to generate strong passwords, encrypt data and avoid malware.
- Back up your data. Make online and offline backups of all important business data. That way, if for some reason your data is irretrievable on your regular system, you'll still be able to access it.
- Dispose properly of your old IT assets. Old computers, hard drives, zip drives and phones that you no longer use can be treasure troves of sensitive data. That's why effective disposal methods such as data erasure, degaussing and on-site shredding is so critical. However, even though your data leaves your custody to be destroyed, in most instances, you're still liable for any breaches if your data isn't thoroughly deleted. For this reason, you're best advised to employ data destruction services that are fully AAA certified by the National Association for Information Destruction (NAID).
It's important to understand that despite your best efforts, a data breach may still occur. For this reason, it's advisable to establish a detailed response plan that you can fall back on in the event an incident occurs.