Electronic data security has become a rising problem for small businesses. As large companies have increased their security over the past several years, smaller companies that pay little attention to the issue have become easy prey for cyberattacks. Almost half of small businesses have now been the victims of some type of cyberattack, according to the National Small Business Association (NSBA). Not only will being “just a small company” not protect you, it may make you a target.
Security breaches can happen through the loss or theft of computers, disgruntled former employees, upset vendors or hacking. They can affect a company’s banking information, employee information and customer information. And in addition to monetary losses, they can cost you existing customers, your reputation and a lot of time and hassle.
With the increasing danger, a small business can’t afford to ignore the data security. Thankfully, there are many simple steps you can take to reduce your company’s vulnerability, even if you are not a computer expert.
• Maintain updated security software, web browsers, and computer operating systems. Run antivirus software after each update and install key software updates as soon as they are available.
• Keep updated copies of all important data and information, such as accounts receivable and payable files, human resources files, financial files and customer databases. If possible, automatically backup data at least weekly. Store the backup copies off-site or securely online.
• Create a separate user account for each employee. Give each employee access only to the information and data that they need to perform their jobs. Require administrative permission for any software installations.
• Require all employees to use unique passwords that change every three months. For access to more secure data, implement multifactor authentication, which requires additional information beyond a single password.
• Use different computers for handling sensitive information, such as payroll or point of sales, and doing non-secure activities, such as checking email and updating social media sites.
• If you get a suspicious pop-up window while browsing the Internet, do not click on anything. Instead, press and hold Alt-F4 to shut the browser window. Even clicking “ignore” or “exit” can allow your computer to get infected with a virus.
• Secure Wi-Fi networks by making them encrypted and hidden. To do this, set your Internet router to not broadcast the network name and require a password to access it.
• Delete all unused software and user accounts. Unused software and user accounts can potentially allow hackers to gain access to your computer system. This should especially be reviewed when installing new computer systems that come with factory default settings that are designed for ease-of-use, not security.
• Remove all data from computer hard drives before re-purposing, discarding, donating or selling. Deleting a file on a computer does not remove all traces or copies of it from a computer. The best way to ensure that all sensitive information is removed from a machine is to overwrite all available disk space.
For more tips on how to improve your company’s data security, visit the Federal Communications Commission’s webpage on cybersecurity for small businesses, http://www.fcc.gov/cyberforsmallbiz.
