Cybersecurity should be a part of your business plan regardless of the size of your business. Criminals will go after data, such as business information, and customers’ and employees’ personal information including credit card numbers, social security numbers and personally-identifying information such as an address, phone number, and so on.
Many people think hackers are looking to steal data only from large institutions such as banks or credit card companies, but any information is valuable to a hacker. Many small businesses don’t have the strong defenses against hackers that large corporations do, so they may be easier to hack.
Here are some simple steps you can take to ensure the safety of your business and your customers.
- Be proactive. The best tool to start with is a plan for protecting your systems, as well as a plan for saving data, running the business, and notifying customers if you experience a breach.
- Make sure your workplace Wi-Fi network is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
- Have a firewall in place. A firewall prevents outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online.
- Control physical access to your computers and create user accounts for each employee. Prevent access or use of business computers by unauthorized individuals. Administrative privileges should only be given to trusted IT staff and key personnel.
- Use passwords and encryption for all laptops, tablets and smart devices. These devices can be particularly easy targets for theft or can be lost, so don’t leave them out unattended; lock them up when they are not in use. Make sure a separate user account is created for each employee, and require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the device is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
- Require employees to use strong passwords and change passwords at least every few months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. “Strong” passwords are at least 12 characters and are a mix of capital and lowercase letters, numbers, and symbols. Also, limit the number of unsuccessful log-in attempts.
- Implement a regular schedule of training and keep employees updated on security procedures. Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs.
- Keep your computers “clean”. Have the latest security software, web browser, and operating systems installed. These are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update, and install key software updates as soon as they are available.
- Make backup copies of important business data and information. Regularly back up critical data, such as spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files, on all computers. Back up data automatically or on a pre-determined basis, at least weekly. Back up important files offline, on an external hard drive or in the cloud. Make sure you store paper files securely, too!
- Consider cyber liability insurance. Talk with your independent insurance agent about cyber liability coverage, which can help in the event of a data breach. Such coverage should provide data security and privacy coverage for first-party losses and third-party liability claims handling and breach response management. This type of coverage helps in cases where private information concerning your business, your employees, or your customers is stolen or made public.
Give yourself some peace of mind with a few common steps to keep your business humming!