What small businesses really need to know about cybersecurity
Most don’t realize they are in jeopardy of something happening to them or their data
Data breaches and cybersecurity sound scary and expensive, and they can be, if you ignore them.
Most small businesses don’t realize that they are in jeopardy of something happening to them or their data. More than half of small businesses say that they depend on the Internet for day-to-day operations, and most small businesses believe that they are too small to be a target for a hacker.
However, they are big targets, and here’s why: When you think about the motivation of hackers, it’s all about the money or a means to get money – through identity theft in one way or another. Unlike larger businesses, small businesses are an easy target because most do not apply safeguards or, if they do, the safeguards are the bare minimum and may be ineffective.
Think about the sensitive information that your small business has possession of, especially electronically. Employee Social Security numbers, banking information for direct deposit, and health insurance information are all things that hackers are looking to get hold of.
In addition to employee information, does your small business process credit cards in some manner? Even if you use services such as PayPal or Square, you are still obligated to protect certain aspects of the business process. In addition, what about your client or customer information? You probably don’t want that information made public or available to your competition.
It’s important to realize that, at a minimum, if any of that personal information were to be disclosed, there are 47 different state data breach notification laws in place, and if you want to do business with residents in any of those states, you’d better understand the requirements for breach notification.
You obviously don’t want to get into that situation in the first place. Just like everything in life, if you take a little bit of time and learn the basics, you’ll discover that with some precautions, you can reduce your risk greatly.
Where to start? Here are a few tips:
1. Start by establishing some “rules” around your sensitive data, the use of your computer resources, and what you expect of employees in handling or using both. It’s important to set the expectations, write the rules down, and make sure others follow them. These documents will become your cybersecurity policies.
2. Train employees on established basic security practices and on the rules of behavior in No. 1.
3. Ensure the latest software updates are applied to all computers.
4. Control access to sensitive data in both electronic and hard copy form. Apply the “need to know” rule for access.
5. Use strong passwords (more than 8 characters with mixed-case letters and numbers, for example) on your computer accounts and smartphones! Moreover, change them frequently.
6. Have a plan – even if it is only one page. It is important to describe how you will protect your data.
Candy Alexander is a New Hampshire-based cybersecurity consultant and a member of the board of directors of the Information Systems Security Association.