Whether they feel they’re simply too small to be a target, or they’re concerned that putting security measures in place is going to be too complex or costly, many small and medium business owners fail to invest in adequate data protection.
In reality, smaller corporations often make easier targets for cybercriminals, and are just as at risk. And sadly, because many small businesses simply don’t have the resources or funds to recover from a major data breach, one disaster can mean the end of the company.
The good news is that making a few relatively simple adjustments and improvements can prevent this from happening.
Start at the beginning – what data do you have, how sensitive is it, and where are you keeping it?
For most companies, information that could be considered sensitive includes anything that could be used to identify someone – whether that’s a client or an employee. It could be information like dates of birth, addresses, email addresses, phone numbers and the like. By law, you’re required to keep this kind of data safe. Who has access to it? Is the device you’re storing this data on secure? Just by asking yourself these basic questions, you’ll likely identify potential weaknesses in the way you’re doing things currently.
Consider the information your business simply couldn’t operate without. It makes logical sense to keep this data, as well as identifying information on clients and employees, separate and well secured. Access to this data should only be given to employees who really need it to perform their jobs, and it should be revoked immediately when an employee leaves the company.
Invest in good basic antivirus, antimalware and antispyware software for all the devices your staff uses
This goes for the devices your employees bring from home too. There are a host of affordable solutions out there, and it’s well worth paying a small monthly fee for software that is automatically updated to cover the latest threats and offers real-time protection.
Train and educate your employees the right way for data protection
It’s one thing to tell your employees never to click a suspicious link in an email – but what does a ‘suspicious link’ even look like in the first place? Do they understand why it’s important to have those long and complex passwords in place, the ones that are near impossible to remember? Do they know why it’s important to immediately report the theft of a smartphone they used to check their work emails from time to time? Try to offer lots of examples wherever possible rather than just ticking boxes. Encourage feedback and suggestions for improvement and consider electing a data protection champion to lead the drive.
Protect your physical data too
Remember that it’s not always hackers and cybercriminals that cause companies to lose data – sometimes it’s good old-fashioned human error or hardware failure. If you’ve got crucial business information your company simply can’t function without, invest in the appropriate solutions – whether that’s cloud backups, or disaster, hard drive or RAID data recovery.
Have data breach insurance in place
Chat with your current insurer about the options they offer – most providers will now offer good basic data breach insurance cover as a small add-on to your monthly premium. This is especially important if the loss of critical data could result in a financial burden the company would be unable to recover from.
Protect what you collect, and don’t collect what you don’t need
Protect yourself against ransomware attacks by backing up data to an offsite location
Ransomware is big business, and if you’ve had to cough up to release your data once, you’re likely to become a target again. However, ransomware doesn’t work if you’re able to independently restore the data you need to continue doing business.
Use multiple layers of data protection
Try not to put all your security eggs in one basket. Instead, implement protection at all levels of your business – from physical access to your premises, to encrypting customer data you send via email and making use of two-factor authentication, to appropriate firewall technology for online threats.