Aug 27, 2015
Security Essentials for Small Businesses
With the increased frequency and sophistication of modern cyber attacks, it is more important than ever for business owners to educate themselves and their staff about the dramatic effects of a data breach. With so many big businesses making the headlines for failed security over the past year (Target, Sony, Anthem, just to name a few), it’s easy to think breaches only happen to Fortune 5’s, but poor security affects everyone. In fact, one report found that 71% of security breaches target small businesses (Trustwave Global Security Report).
And, unfortunately, it’s easy to understand why:
- There’s often no dedicated IT person in SMB organizations
- SMBs are less likely to invest in security training or comprehensive security defenses for their systems
- SMBs are less likely to keep security systems updated
- Hacks - often automated - target vulnerabilities, not specific individuals or organizations
Bottom line: matters of security are not to be taken lightly, no matter your size or industry. Small businesses can protect their customers and themselves by staying informed about new cyber threats and the latest solutions and best practices that are available to reduce the likelihood of a costly security breach.
- Enable a Firewall – A firewall is one of the most essential security steps to take in order to protect your network against cyber attacks and malware penetration. If your employees work from home, they should have a firewall on their computers as well.
- Safeguard Valuable Documents and Equipment – Make sure all digital devices used for business are protected with antivirus and antispyware software that is regularly updated. All computer servers and sensitive paperwork need to be stored safely and securely, with a limit on the number of people with keys and/or access codes. Research off-premises data center or cloud solutions to increase the safety of your information.
- Use a Password Manager – In theory, we all know we should be using different passwords for each website and login point, but very few people actually follow this practice. For convenience, most users routinely use the same or similar passwords for multiple services. Luckily, there are now many tools to help us manage our passwords correctly. In addition to a password manager, use multi-factor authentication alongside your passwords. Multi-factor authentication requires information other than a password to gain access to the network, and it is one of the simplest things you can do to strengthen digital security. Enable this feature on any account that provides the option.
- Create a Backup Routine – Sensitive data should always be backed up regularly, at least on a weekly basis and automatically if possible, and the backup copies should be stored in a remote location or in the cloud. Consider creating a backup plan for critical documents such as financial records, accounts payable/receivable, databases, word documents, human resources files, and electronic spreadsheets.
- Control Access – Don’t let unauthorized individuals use business computers or equipment, and limit physical access to your systems. Even employees should only have access to the specific data systems they need to do their jobs. Make it standard procedure for all employees to seek permission before installing any software.
- Ensure PCI Compliance – PCI compliance is the standard, basic required level of protection for card payment information. For any merchant who wants to continue to accept major credit/debit cards, non-compliance is not an option. Adherence to the recommended security guidelines is an ongoing process designed to minimize the risk of a data breach. It is important to always stay up to date with the latest PCI standards because PCI DSS will continue to add new requirements to ensure that businesses are taking the most appropriate measures to protect themselves against the evolving threat landscape. But PCI compliance is only the beginning; you must also:
- Update POS Systems – The responsibility to cover losses born from fraud will shift from credit cards & banks to the merchant later this year. For this reason, all retailers with outdated POS systems should move to embrace EMV technology as soon as possible. EMV cards contain embedded microchips for account verification and are much more secure than cards that rely on a magnetic stripe. While adopting new technology always presents a challenge for small business owners, merchants can’t afford to not take this step.
- Encrypt and Tokenize – Implement full disk encryption on each company-issued computer and mobile device. System passwords alone offer little defense against off-site hacking attempts. By layering encryption and tokenization with EMV and POS compatible systems, merchants can minimize security weaknesses and address authorization vulnerabilities. During the transaction process, data is most vulnerable immediately before and immediately after authorization. Encryption and tokenization protect against this. Further, encrypted and tokenized data holds no value; it is just a random, unusable string of numbers/characters.
- Establish, Update, & Maintain a Security Policy – Create and maintain an information security policy (featuring these procedures) to govern the steps and processes the business will take to protect its information. Make sure this policy is shared with your entire team to help them know what is expected, how security plays into their role, and its importance to the business.
Following these tips will help minimize, if not nearly eliminate, the risk of hacks and malware doing damage to your online systems. As a business owner, it is your responsibility to identify threats to your business systems and to take the necessary steps to develop a strong security footprint. Doing so involves educating your staff and proactively mitigating risks wherever you can. It will never be a perfect system, but preventing a security breach at your organization is a lot less costly than repairing one.