Cyber security tips for small business data protection
Keep your data safe with these eleven cyber security best practices
Data protection is a growing concern for many small businesses because cyber attacks are increasing, and they might not be prepared to handle them. In 2016, half of small businesses experienced a data breach, and 55% experienced a cyber attack according to a Ponemon Institute study.
These cyber incidents often lead to financial hardship, a damaged reputation and lost business that can be difficult to overcome. Luckily, there are ways to minimize the chances of this happening to you. Start protecting your business from virtual threats by following these eleven cyber security tips.
1. Create strong passwords and update them regularly
While it’s a basic computer security tip, its importance is often underestimated. Updating your network and account passwords on a routine basis is necessary to help prevent hackers and unauthorized people from accessing sensitive information. For example, critical passwords can be unintentionally shared or used by former employees without your permission or knowledge. Changing them lessens the risk.
Cell phones, laptops and financial apps are a few of the many things for which you should update passwords regularly. Many cyber experts recommend a password refresh every four to six weeks. Set a reminder in your calendar.
The longer your passwords are, the more secure they are. It’s best practice to include a mix of letters, numbers and special characters to make it more difficult for hackers to break them. Avoid writing your passwords down or listing them anywhere they could become compromised, like an unsecured file on your phone or laptop. Instead, use password managers that encrypt, store and organize your login information. Also, try to vary your passwords across different platforms.
2. Secure your network
Network security is a fundamental piece of cyber security protection that protects your computers, users and programs from cyber threats and intruders.
There are several measures you can take to secure your network. For example, firewalls can block threats from entering your network, and encryption tools can keep you safe when using your network. Additionally, anti-virus and anti-malware software can scan for suspicious activity and alert you of potential cyber threats.
If possible, set these programs up to automatically update when a new version is available. This will help keep you protected against new and emerging threats without having to remember to make updates.
3. Implement a strict email policy
Phishing and malware are two common cyber threats that are usually distributed via links and attachments in your email. Once clicked, these programs can let a hacker install dangerous software that might block your network access or steal sensitive data, such as credit card information.
A few of the many ways to protect yourself from these threats is to use spam filters and security software and educate employees on how to handle suspicious activity. Also, make it a policy to only connect to your email from a secure network. Logging into a public Wi-Fi network can make it easier for cyber criminals to gain access to your systems and data.
4. Be cautious of external devices
Removable devices like flash drives and external hard drives can contain malware capable of infecting your computer and spreading to other computers on your network. It’s best to avoid plugging any unknown devices into your computer to reduce your risk.
Avoid using portable devices to store or transfer confidential data. If you must, it’s important to immediately delete the file after it’s transferred. This can help minimize your risk if the device is lost. Keep track of these items and lock them in a secure place when they’re not in use.
5. Back up your data
This is a cyber security best practice. Failing to back up your data is risky for several reasons. For example, your storage device could be stolen, or you could be locked out of your network indefinitely by malware.
Saving your data in multiple locations is a smart way to prevent permanent data loss if something goes wrong. Consider using a digital cloud service to back up your files. The “cloud” is online storage and software that’s offered as a service by companies that specialize in maintaining secure networks. This allows you to securely store and access your data from the internet. Cloud storage services also encrypt your data, which makes it safer than many other back up methods.
6. Limit access to sensitive data
Not everyone needs access to your network. Reduce your chance of a data breach by limiting network access only to relevant employees, contractors and vendors. And only give them access to what they need. For example, if you use a payroll program, only give login information to those who work on payroll. Make sure to use different passwords for all programs so people can’t gain access to things they shouldn’t.
When working with a third-party, make sure you encrypt files before sharing and only send what’s relevant. You might want to require them to have their own cyber insurance if they’re handling your confidential data.
7. Consider cyber insurance
Small businesses are often targeted by cyber criminals because they typically lack the time and resources needed to secure their systems or handle suspicious activity. This leaves them especially vulnerable to cyber attacks that can be difficult to overcome on their own.
Many insurance companies recognize the exposure these small business owners face and have developed affordable cyber insurance to fill the gap. It can be customized to their needs and budget. You’ll want to consider coverage especially if you accept credit card transactions, store sensitive data or have online business accounts.
8. Don’t leave your devices unattended
Employee and contractor error accounts for 48% of small business data breaches according to a 2016 Ponemon Institute study. Leaving laptops, cell phones, flash drives and other devices unattended puts your business at risk.
Working from various job sites or public places increases your exposure. Avoid leaving makeshift workspaces, like coffee shops and libraries, without your devices, even if only temporarily. Always store them out of view, and never leave them in high-risk places, like your car.
9. Know your digital footprint
Try doing a simple online search to reveal public information about you and your business. You might be surprised at the results. Cyber criminals use online information to target small businesses, so make sure you remove any unwanted or sensitive material.
Social media profiles, websites, news articles and financial accounts are a few of the many channels you should evaluate. Delete any accounts you no longer use and check your privacy settings on the accounts you keep. Assess your content, photos, customer reviews and forum posts as well.
Continue to monitor your digital presence on a regular basis to keep your business protected.
10. Train your employees and contractors
Educate employees and contractors about online cyber threats and how to protect your data. This includes how to follow safe email practices, report suspicious activity and use computers and external devices safely, to name a few.
Additionally, any personal activity should be kept to their own computers or smart phones. This reduces the risk of a cyber incident coming from their personal devices. Establishing guidelines and holding your employees accountable can help enforce your cyber security policy.
11. Have a cyber plan
An incident response plan is a pre-planned process for handling a cyber incident that can help to reduce costs and damages. Cyber incidents tend to cause anxiety, so planning ahead of time is worth it, whether you’re a sole proprietor or have several employees. Think of it as an investment in your business.
Make sure your plan includes clear procedures so anyone in your business can report an incident. Be sure to list the contact information of both your cyber security vendor and cyber insurance company.
You could face interruptions to your business depending on the severity of a breach. Develop a business continuity plan so your business can operate following a disaster.