When you think of a data breach, you probably think of newsworthy stories like the Ashley Madison dating site, the voter database, or Anthem healthcare. Those made big headlines, and the data loss was astounding. An even larger cybersecurity issue that doesn’t make nearly as many headlines is currently the most popular target of data theft: small businesses.
Here’s a headline I’d like to see get some attention: “50 percent of small businesses have been breached in the past 12 months.” A data security breach may be the result of malicious hacking, employee error, poor system configuration, or loss of a device. Lost or stolen data might include high-profile information like credit card or social security numbers, proprietary company information, health data, and more.
This checklist is a starting point for securing the valuable data your small biz manages.
The two most important takeaways for employees are: (a) use a strong password and (b) establish internet use guidelines. Lay out rules for online behavior describing how to handle and protect customer information and other vital data.
Secure your network.
The company Wi-Fi network should be hidden, and both the network and the router itself should be password-protected. Install a firewall on all computers accessing your business network on a regular basis.
Keep your security software current.
This includes maintaining the latest version of your web browser and operating system. These are the best defenses against viruses, malware, and other online threats. The only way to get rid of an annoying security update pop-up window? Update now.
Backup your data.
Not all security breaches are malicious. If an employee leaves a company laptop on the bus, you can replace the laptop. But it would be a major expense to re-do all that work if it’s not backed up.
Migrate your data to the cloud.
Using cloud-based services for your small business makes it easy to access your data from anywhere at any time. It also has the benefit of being more easily secured by adjusting settings and permissions — and most cloud-based services have strong encryption standards. Google Drive and Dropbox are common examples.
Develop and implement a bring-your-own-device (BYOD) policy.
It’s a fact of modern life: Everyone has a smartphone, and most use multiple devices. Consider adding a separate wireless network for guest users and employees’ personal devices. Create a BYOD policy regarding the access and storage of company information, including email, on personal devices.
These are just a few of the precautions your small business should be taking against one of the most common threats to small businesses. The FCC’s guide for small business cybersecurity has even more resources for your consideration in the fight against data theft.