If you think your small business is safe from data breaches, think again. A recent survey found that small businesses are an attractive target for hackers since they possess and manage sensitive consumer data, and have fewer security protocols in place than larger companies.
“A data breach results in angry and concerned customers and reputational damage,” says Joram Borenstein, vice president at NICE Actimize. “For some small businesses, it could prove difficult to recover from both the financial impact and the hit to their credibility.”
Rather than leaving your small business open to data breaches, experts suggest using the following checklist to protect your company against hackers:
1) Have you considered social engineering awareness?
“Social engineering involves manipulating workers to voluntarily give up information or access,” says Terry Evans, president of Cybersecurity Biz in Rochester, NY.
Here’s how social engineering works: A social engineer may call the new guy in your office and pose as an IT guy who is ‘testing the system’ to trick the employee into willingly giving up his password. Evans says that social engineers rely on the fact that employees don’t realize the value of the information they possess, so they are lax in protecting it.
Provide your employees with social engineering awareness training in combination with implementing written policies and procedures.
- Instruct employees not to click on unsolicited e-mail attachments, or links that are embedded in e-mails.
- Train employees not to give out sensitive information to phone callers without first verifying their identity.
- Refrain from using USB drives that are left out in the open. They are often left in offices by hackers. Once the device is used, the company becomes infected with malicious software that allows the hacker to advance into your system.
“Failing to address the threat posed by social engineering is somewhat like buying a high tech security system and then leaving your front door unlocked,” says Evans.
2) Are you being proactive when it comes to security?
Before spending money on security software, Evans recommends that businesses assess what they really need, and designate someone on their staff who will be responsible for regular updates. “It’s easier to have a plan in place than to try to recover from a cyber attack,” Evans says.
“Many small businesses buy items they think they need but don’t fully understand,” Evans says. “But additional spending doesn’t ensure additional security if you don’t have the time or the manpower to implement the software properly or keep it up to date.”
Therefore, if you are unsure as to what security measures you should take, or what aspects of your business may be vulnerable to hacks, work with a professional to conduct an audit of your computers, network and mobile devices, in order to determine what steps you need to take to prevent hacks. This may include looking at how you back up data, whether or not you encrypt data, and how to protect information on your team’s mobile devices.
3) Are your passwords robust and changed frequently?
In addition to avoiding bad password choices, make sure your passwords are as strong as possible.
- Change your passwords frequently. Once a month is a good rule of thumb.
- Use passwords that are at least 13 characters long and include symbols, letters and numbers (but no words).
- Consider using a password manager that can help secure your identity and increase the strength of passwords that protect your online accounts without requiring you to memorize a string of characters.
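The password rules above can be checked mechanically when accounts are created or passwords are changed. The following Python sketch is an added example, not part of the original article; the small word list, the letter-for-symbol substitution table and the function names are assumptions made for illustration.

```python
import re
import secrets
import string

MIN_LENGTH = 13  # minimum length from the checklist
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
# Constructed mini word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "summer", "welcome", "dragon", "company", "letmein"}
# Undo common character swaps so "P@ssw0rd" is still recognised as a word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                      "1": "i", "5": "s", "7": "t", "$": "s"})


def policy_violations(password, words=SAMPLE_WORDS):
    """Return the checklist rules the password breaks (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 13 characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no numbers")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbols")
    # "No words": test the lowercase form and the form with swaps undone.
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET)}
    hits = sorted(w for w in words if any(w in f for f in forms))
    if hits:
        problems.append("contains word: " + ", ".join(hits))
    return problems


def generate_password(length=16):
    """Random password meeting the policy, the way a password manager makes one."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Summer2024", "P@ssw0rd2024!!", generate_password()):
        print(repr(sample), policy_violations(sample) or "OK")
```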
4) Is your data encrypted?
Any time a small business is storing data, or whenever data isn’t being transmitted over the Internet, it should be encrypted. To accomplish this, turn on the full-disk encryption tools that come standard on most current operating systems (on Windows-based PCs, it’s called BitLocker, and on Macs, it’s called FileVault).
Experts caution that the encryption only applies when users are logged out of the computer, so hackers could potentially attack through malware while the system is running. To prevent this, set your office computers to automatically log out after 15 minutes of inactivity.
5) Are you cyber savvy?
Since most small businesses don’t have a security consultant on staff, Borenstein recommends that business owners learn as much as they can about cyber security. The following resources can help:
- Staysafeonline, powered by the National Cyber Security Alliance (NCSA), has tools to help small businesses protect themselves and their customers against cyberattacks, data loss and online threats. Small business owners can also learn how to assess their risk, monitor threats, and implement a cybersecurity plan.
- The U.S. Chamber of Commerce offers a free Commonsense Guide to Cybersecurity for Small Businesses, and the Small Business Administration (SBA) offers a free online self-paced course called Cyber Security for Small Business. Both the guide and the course offer business owners information on how to protect their company from a cyber-attack, create a contingency plan, set up firewalls and create back-ups. If you feel that you need more assistance or would like to consult with a cyber security expert, consider retaining a consultant.
Are you worried that your business is at risk for a data breach? Take this quiz to find out how vulnerable your business is. (Source: TheHartford.com)