If you’re a small business owner who feels confident that no hacker would be interested in your data, think again. According to the Congressional Small Business Committee, 71 percent of cyberattacks happen to businesses with fewer than 100 employees. Larger businesses may have more data, but the general perception of small companies is that they have less effective data security and, therefore, are more vulnerable targets. Nevertheless, it’s incumbent upon every company, regardless of size, to enact and follow data security best practices. Heed this wise advice from the Vermillion team.
Your obligation to safeguard customers’ sensitive data is more than a customer relations issue; it may be a legal matter. For example, some companies in New York state are required to adhere to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, a landmark achievement that stipulates companies must have security infrastructure to guard against cyberattacks. At least 25 states have also initiated this type of data security legislation.
The Federal Communications Commission (FCC) recommends that all small to mid-sized businesses set up a security firewall to protect sensitive data. In fact, some companies have elected to erect multiple internal firewalls to bolster data protection and protect customers’ sensitive information. Ensure that employees who work remotely from home understand the importance of operating behind a home-network firewall.
Human error is a common factor in successful cyberattacks. Distracted employees may accidentally click on a link or open an attachment they shouldn’t, activating a phishing or ransomware attack. Human error is why it’s important to install anti-malware software throughout your computer network. It’s not always a fail-safe measure, but it does give your company an important level of added security.
Make It Official
When it comes to cybersecurity and your customers’ data, word of mouth isn’t enough to make sure employees understand your security regulations. Documenting your cybersecurity policy leaves no room for misunderstanding, and makes official your commitment to secure and responsible policies. There are online resources that can help your IT personnel initiate an adequate policy and training program for staff.
Personal Device Security
A growing number of companies are permitting employees to use their own devices in the performance of their jobs and the transmission of data. It may be convenient, but it leaves a hole in your company’s security. Publish a documented policy that addresses security precautions where the use of personal devices is concerned. Norton by Symantec advises that small companies make it mandatory for employees to apply regular automatic security updates and that the company’s policy on password security should apply to all personal devices.
Stay apprised of new and more sophisticated threats to your data, and pass that information along to staff. For example, employees innocently checking out a website or engaging in a little social media interaction at lunchtime may be victimized by AI chatbots designed for malicious intentions. Making your employees aware of such a threat can help prevent destructive data incursion.
Multi-factor authentication is state-of-the-art in log-in security. Instead of relying solely on a traditional password to protect your data, use multi-factor authentication to add needed security to all your systems.
When The Worst Happens
If your small business becomes the victim of a phishing attack, ransomware attack, or other scam that results in data loss, a quick response is important. If you have an IT department, consult with it immediately following a breach. If you don’t, it’s wise to have tools and a plan in place to help you recover your business’s and your clients’ precious data. Do some research to find a solution that will help your company land on its feet as quickly as possible.
Small businesses, corporations and state governments are better understanding the need to guard against cyberattacks and to protect customers’ data. Failing to take adequate steps is dangerous and potentially self-destructive. Ultimately, your best approach is to bolster the security of automated systems and educate staff on how to avoid the kind of damage that often results from human oversight.