Many small business owners believe that they are “too small to fail.” They are under the mistaken impression that cyber criminals only target big companies, and are horrified when they learn the hard way that they could not be more wrong.
Instead of basking in a false sense of security, now is the time to take action to reduce your risk of becoming the next victim of a data breach or fraud.
Become security aware
Your first job is to understand the security landscape as it exists today. That means taking the time to learn about the types of attacks that small businesses often experience, including ransomware, phishing and social engineering schemes.
Next, create an environment where data security is at the top of everyone’s minds. Provide training to staff at all levels on what you have learned, making sure to focus on security red flags.
These include suspicious or unknown files, unusual system behavior, dubious system communications, outdated antivirus and security programs, and changes in credit ratings and other company-specific details stored on your networks.
Develop and share a set of security protocols
Creating and disseminating a complete set of security standards to all staff and other stakeholders helps to protect your resources from harm, and can even reduce online security issues. These protocols should take all data into consideration and should dictate who has access to what information.
Additionally, you should prepare for the worst by also including mitigation, containment and response strategies that will be triggered if a data breach occurs.
Be sure to specify which staff member is responsible for each task to maximize accountability, and include details about which stakeholders should be informed, as the plan to get your business up and running again after the event is addressed.
Protect your passwords
Weak or predictable passwords are the chink in many businesses’ armor that cyber criminals exploit to usurp other security protections.
That is why it is essential to insist that everyone set strong passwords made up of a mixture of letters, symbols and numbers that are changed on a regular basis, preferably every three months.
Because we humans resist change, it’s a smart idea to configure your systems to require robust passwords and make regular modifications mandatory.
Additionally, train everyone to keep their passwords out of the view of others. Only give administrative privileges to those who need them, and consider also implementing added levels of security such as two-factor authentication.
Be careful about third-party vendors
The merchant services provider with whom you collaborate should be as careful about data security as you are. Be sure that they are in compliance with the Payment Card Industry Data Security Standard (PCI DSS) that protects cardholder information.
Also, find out if they update their security systems and software regularly. If they don’t, you are better off shopping around for a provider who does.
Insist that they take steps to protect your customers’ payment data and personal details throughout all financial transactions. A good payment processor should set you up with systems that are safeguarded with anti-fraud, address verification and 3D Secure protocols.
This not only keeps data shielded from attack but also reduces chargebacks stemming from buyer dissatisfaction after a security failure.
Secure mobile devices
Along with exploiting weak passwords, bad actors are gaining entrance into small businesses’ systems by means of employees’ mobile phones. Keep everyone with sensitive company data on their devices from harm by requiring them to protect their phones and tablets and data with passwords and encryption as well as to install security apps.
Although tablets and mobile phones are convenient, their portability makes them vulnerable to loss and theft. Institute a policy requiring anyone whose device has been lost or stolen to report it immediately so that you can take steps to erase the data remotely.
Protect yourself with backups
We all know the sinking feeling that comes when we lose unsaved data. Don’t let that happen to you on a business-wide scale.
Reduce your risk of suffering the worst effects of a ransomware or data breach scheme by backing up all business data and information in the cloud.
Focus on spreadsheets, word processing documents, financial files, databases, accounts receivable/payable data and human resources files. Taking this step will enable you to minimize risk and reduce disruption times should the worst occur.
Even sole proprietorships cannot escape the reality of fraud and other types of security breaches.
However, acting in advance to safeguard your resources reduces your risk and protects the systems, data and customers you have worked so hard to cultivate.