Data Security: 10 Tips for Protecting Your Small Business
Small business owners often don’t know where to start when it comes to data security or even have the time to devote to doing it. Although the U.S. government is developing stricter penalties for cyber-attacks, an ounce of prevention is always worth the time. Here are 10 tips to help protect your data.
1. Identify Sensitive Data
Every company has sensitive data, including financial records, employee personal information, or consumer credit card details. Make sure you know where this information is stored, whether on computers, laptops, or servers, and that adequate protection exists at each level.
2. Control Access
Once you know where this data resides, make sure you know who has access. Never give anyone, even an IT administrator, blanket access to all data with no oversight. Keep records about who uses data as well and when they use it, so a trail exists if files go missing or are compromised. Limiting access also helps prevent unintended disclosure of information by employees using social media sites or personal mobile devices.
3. Don’t Ignore Mobile
The rising bring-your-own-device (BYOD) trend means more mobile devices than ever in the workplace. As a result, many employees keep both work and personal data on phones and tablets, but they often don’t have sufficient security measures in place to prevent an attack or a loss. Owners can’t stop mobile use, but they can create solid at-work use policies. Several options exist for handling mobile data, including secure apps and virtualization technology that “splits” a device into two separate, equally secure parts.
4. Consider the Cloud
Despite some of the negative security press surrounding “the cloud”, cloud storage is a real option. By storing information offsite and under a robust cloud provider agreement, companies not only limit the chance of an attack, but they have access to data backup in the event of a disaster.
5. Encrypt What You Have
If you do choose to keep data onsite, encrypt it. Many databases, applications, and security suites offer data encryption services. Use a secure encryption technique so that even if information is stolen, it can’t be easily compromised.
6. Hire the Right Help
For many small business owners, hiring a dedicated IT pro makes sense to manage compliance and security issues. Before bringing on any new talent, however, make sure to do your homework. Conduct background checks and check references. In-house data theft remains a huge problem for businesses.
7. Control Downloads
Just as too-broad access can expose your data, so can downloading data that contains spyware. Imposing strict download controls is one way to sidestep this problem. In the long term, companies are better served by creating a culture of security and protection, one where every employee knows his role and understands the value of downloading apps and software only from reputable sites.
8. Think About Paper
In a digital world, many small business owners forget the power of paper. Physical statements that contain credit card data or personal information can be recovered from trashcans or recycling bins. Shred all sensitive documents with a quality, high-security shredder once you transfer them to a digital format, and employ a secure shredding company to dispose of the remains.
9. Secure Your Network
One of the easiest ways to do business in a small office is by using a wireless network. If left unsecured, however, these networks are also easy to attack. Make sure your wireless network has a password, and use WPA2 encryption rather than WEP.
10. Update Passwords
According to Trustwave, “Password1” remains popular because it meets most automated security system requirements. Small business owners should periodically review all passwords being used in their system and change those that aren’t secure. Change passwords once every few months, especially if your employees leave the company or use third-party providers for IT functions.
By implementing these 10 simple data security tips, small business owners can significantly reduce the risk of data loss, compromise, or attack.