As a small business owner, you probably don’t think too much about cyber security. After all, why would anyone attack you when they can get hundreds of thousands of email addresses from Facebook? However, cyber criminals can go after anyone, and if you are handling customer records, finances or bank account information – which almost everyone is – then you need to take precautions to keep your company’s data and resources safe. Here are some basics to consider.
- Assess your security. Do you run an anti-virus and anti-malware program on all devices? Is anything connected to the internet behind a firewall? The National Cybersecurity Society has an online tool designed to help small businesses determine their risk and start to come up with a course of action.
- Educate your employees. Cyber hygiene is the best way to protect your business. Make sure that nobody involved in your business makes any of the following common mistakes:
  - Using the same password for your work computer as you use for, say, a coupon site. Passwords should be unique.
  - Writing down passwords and sticking them to your monitor. Somebody can break into the office and find the password.
  - Using public wi-fi for work purposes. If you travel a lot and need to use public or hotel wi-fi, then invest in a VPN.
  - Clicking on links in emails, especially links to banking and financial sites. Most banks will not have you click through an email, and banks will not send random emails asking you to “verify” your account.
  - Downloading illegal or pirated material – not only can this get you infected with malware, but it’s a federal crime.
  - Leaving laptops or phones unattended, even briefly, in public places. Laptop security cables can be useful on trains and planes. Phones, in particular, should not be left in hotel rooms as thefts are fairly common.

  Ensure that employees know how to use strong passwords and recommend that they also protect their own devices with firewalls and malware protection. An employee who becomes a victim of identity theft can end up in a situation which affects the entire company, so help them protect themselves and their own financial data as well as yours.
- Apply basic software protection to any and all devices that connect to the internet. All computers, including Macs, should have anti-virus and malware protection software installed. Run scans regularly. Use a firewall – ideally one which masks the computer’s IP and makes it invisible to random attacks. Don’t allow employees to install any kind of unapproved software, and educate them on the risks of installing, on their own systems, unknown software they find on the internet. If you are handling extremely sensitive data, then use drive encryption for an extra layer of protection.
- Develop a plan for what to do if you have a breach. Talk to your IT specialist about the best way to recover after an attack. Make sure you know who to call – engineers can use forensics to identify a breach. Before anything happens, have a plan for communicating the details to anyone who might be affected and for how you can make it right – that way you don’t end up in a PR scramble if the worst happens. You will probably want the assistance of an IT expert with experience dealing with data breaches. Also, research the law in your state on who you should notify – some states require that you notify a government agency. Some breaches should be reported to the federal authorities – this applies primarily to financial services and healthcare. The state may also have requirements for notifying victims of the breach.
You can also get further resources on protecting your business and complying with laws on sensitive data from the DHS. Protecting your business from cyber attacks is as vital as protecting your office from break-ins or keeping up with the safety of your employees.