Securing Your Business Online with Cybersecurity
Last Updated October 12, 2015
Security breaches at national retailers like Target and Home Depot have affected millions of American consumers. But did you know that cyber criminals target small businesses, too? If you’re a small business owner, you may not spend much time thinking about cybersecurity, but the facts are clear. It’s just as important to protect your data as it is to protect your physical inventory.
Without proper security, sensitive information belonging to you and your customers may be vulnerable to theft by cyber criminals, who can use it for illicit purposes. Customers rely on businesses to safeguard their information. If they fail, small companies may have a tough time regaining trust, which can hurt sales and profitability.
Cybersecurity Not Limited to Big Companies
The U.S. government recommends that all companies pay attention to cybersecurity. Here are seven tips to help you get started:
- Assess risk – Identify and categorize the types of information your company owns and manages.
- Develop a cybersecurity policy – A formal policy, based on the results of the risk assessment, can help establish a more secure environment. Include vulnerability reduction, procedures for security events and rules for handling company and customer information, along with penalties for policy violations.
- Leverage anti-virus software – Anti-virus software should be installed and frequently updated on computers and devices throughout the company. Set up automatic scanning to be performed at different times and at least once per day.
- Secure wireless systems – In general, wired-equivalent privacy (WEP) is not adequate for secure wireless encryption. Consider choosing Wi-Fi Protected Access 2 (WPA-2) with Advanced Encryption Standard (AES) to keep data safe, as it’s transmitted from computers to wireless access points.
- Encrypt data – Encryption is another way to scramble code when transmitting data. It can help lower risk of a cybersecurity breach by making sensitive data, like credit card numbers, more difficult for thieves to use. Encryption is bundled in many operating systems – PCs often have BitLocker, while Macs use FileVault. Be sure to research available options that suit your business needs.
- Back up data – Employee errors, system crashes and viruses or malware can destroy data, but you can help cut your losses with a strong back-up policy, using either external hard drives or cloud-based services. Some businesses might need to back up data only once or twice a week, while financial firms and others with more sensitive information should plan on daily backups.
- Secure your database – The majority of data breaches typically involve databases. A database’s vulnerability rises when it contains sensitive information. Businesses can help keep data secure by carefully choosing what information to store. If it’s rarely used, remove it from the database.
Now that your systems are set up and secured, it’s time to involve your employees.
How to Implement Employee Cybersecurity Practices
Practicing cybersecurity should be everyone’s responsibility, not just business leaders. Here are some tips to get employees onboard and help promote a more secure data environment.
- Train employees – Employees should be made aware of and trained on new security practices. Teach them how to create strong passwords, which can help limit the chances of a data breach. In addition, it’s often recommended employees change passwords regularly. Managers should also emphasize the importance of closely safeguarding company information, customer information and mobile devices, and inform employees of penalties for violating company security policies.
- Follow credit card professional practices – Be sure that employees are aware of bank and credit card processor rules and obligations when processing customer credit card numbers. It may be beneficial to isolate payment systems on a more secure platform to help limit breaches. Additionally, don’t use the same computer for both payment processing and Internet work.
- Limit employee access – Determine what data employees need to perform their jobs, and limit access to those areas. It’s typically recommended that only IT personnel install software on company computers. Employees should not be allowed to install software without permission, nor should every employee have access to all data systems.
Don’t Ignore the Importance of Cybersecurity
Small businesses tend to overlook how important it is to keep their information – and that of their customers – protected from cyber thieves. Regardless of whether your business is large or small, make cybersecurity part of your daily operations, so you won’t have to worry about a breach that can cause irreparable harm.