Small and medium businesses are constantly under the gun because they are expected to provide enterprise-level services and products. However, customers also expect enterprise-level security and privacy concerning their data.
Small businesses regularly collect information from other companies or customers for a number of reasons. This information can be as innocuous as an invoice, but more often than not it is sensitive personal information, including credit card numbers, social security numbers, addresses and telephone numbers.
This information represents just the tip of the iceberg…
What about all your own business data? From sales reps accessing your network for inventory updates, to business information regarding sales numbers, tax bills and payroll, it is all kept either in the cloud or potentially accessible online.
Now the real question: Do you have a full-time IT department handling your online security and ensuring your perimeter defenses are not breached? If you answered no, you are not alone; it’s not uncommon for small businesses to have no IT staff. Below are some helpful tips:
Tip #1- Information Transfer
Starting from the bottom up is probably the wisest choice for businesses for one very good reason. The best firewall in the world may not be enough to protect you, but the best encryption in the world is almost uncrackable. Anywhere information is transferred, housed, stored, used, or accessed over a public network connection, it should be encrypted.
Whether you send emails or data to suppliers, or simply house private customer data, it should all be encrypted.
Tip #2- Admin1234
If you are still using this password in this day and age then you’re in big trouble. Imagine using the best encryption software in the world to keep your data safe, then slapping on the most used password in the world. It is akin to buying Fort Knox and giving the keys to criminals.
Develop a culture of security surrounding passwords. Encourage strong passwords on all business-essential accounts that are at least 8 characters in length and include a number, letter and non-standard character as well as at least 1 lower or upper case letter. Follow up by making everyone in the company change these passwords at least quarterly. Better yet, install two-factor authentication protocols for anyone that gets access to your network. You will thank yourself for it in the long run.
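One way to enforce the rules from this tip at the moment a password is set, as an added example that is not part of the original article. The denylist entries other than Admin1234, the 90-day reading of "quarterly" and all function names are assumptions.

```python
import re
from datetime import date

# Constructed denylist for illustration; a real deployment would load a much
# larger list of commonly used passwords.
COMMON_PASSWORDS = {"admin1234", "password", "letmein", "qwerty"}
MAX_AGE_DAYS = 90  # assumption: "quarterly" read as roughly 90 days


def policy_failures(password):
    """Return the rules from the tip that a candidate password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    if not re.search(r"[0-9]", password):
        failures.append("no number")
    if not re.search(r"[A-Za-z]", password):  # any lower or upper case letter
        failures.append("no letter")
    if not re.search(r"[^A-Za-z0-9]", password):
        failures.append("no non-standard character")
    # Complexity alone is not enough: "Admin1234!" satisfies every rule above.
    # Compare a normalised form (lower case, leading and trailing symbols
    # stripped) against the denylist so decorated variants are caught too.
    core = re.sub(r"^[^A-Za-z0-9]+|[^A-Za-z0-9]+$", "", password).lower()
    if core in COMMON_PASSWORDS:
        failures.append("variant of a commonly used password")
    return failures


def overdue_accounts(last_changed, today):
    """List accounts whose password is older than the quarterly limit.

    Only the change date is kept per account; the password itself is
    checked once, when it is set, and never stored in readable form.
    """
    return sorted(
        name
        for name, changed in last_changed.items()
        if (today - changed).days > MAX_AGE_DAYS
    )


if __name__ == "__main__":
    for candidate in ("Admin1234", "Admin1234!", "river-Lamp7-stone"):
        print(candidate, "->", policy_failures(candidate) or "accepted")
    # Constructed sample data: account name -> date of last password change.
    sample = {"alice": date(2024, 1, 2), "bob": date(2024, 5, 1)}
    print("overdue:", overdue_accounts(sample, date(2024, 6, 1)))
```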
Tip #3- Nice Wall, Except for that Gaping Hole
If you never update your company’s primary software, you are begging to be attacked by cyber criminals. Zero-day attacks are popular in the news, but more often businesses are being hit through vulnerabilities in their software that have been known for months, even years. Patch your software early and often. By keeping software up to date, you can keep out the majority of attacks.
Tip #4- Compartmentalize
Why would you provide a one-ring wall to keep outsiders out? The ring fort went out of style a thousand years ago; to keep using it is outdated and pointless. If you compartmentalize your data into different security compartments, such as keeping some information in the cloud under protection separate from other information stored locally, you can ensure that one successful attack does not compromise your entire business. Using multiple firewalls or multiple providers for different information sets is an excellent approach.
Tip #5- Review
If you never look at your security reports and logs to review your security gaps, you leave open a window or backdoor that could have been closed when first discovered. Stay on top of your security and do annual reviews.