How to Keep Your Business Information Safe
In my last post, I talked a lot about business security against physical threats, such as employee theft and break-ins. In this post, let’s focus primarily on the importance of keeping your business secure against cybercrime. Many small business owners make the mistake of thinking that cybercrime only happens to big businesses; nothing could be further from the truth. Big businesses can afford to fight cyber criminals, so hackers have switched their focus to go after small business data. This doesn’t mean that your business’ data cannot be secured, however. There are simple, affordable steps you can take to protect your business’ information from hijackers.
Before I get into some ways to improve your cyber business security, let’s talk about why this is so important in the first place. You hear the stories in the news all the time. Hijackers are getting their hands on sensitive information through the Internet at record rates, but what exactly are they stealing? According to Ponemon Institute’s 2012 Cost of Cyber Crime Study, the primary objectives are:
- steal intellectual property
- steal bank account information
- steal confidential business information
- spread computer viruses through business networks
- attack the national infrastructure
That’s heavy duty!
What’s it costing businesses? Well, Ponemon included 56 U.S. businesses of varying size and industry in its 2012 study, and the data showed that:
- Cybercrime cost the 56 businesses studied an average of $8.9 million per year.
- Total cost per business ranged from $1.4 million to $46 million depending on the business size.
- The cost of business cybercrime increased 6 percent from 2011 to 2012.
- Small businesses suffer greater cybercrime loss per capita than larger organizations.
- The 56 businesses were successfully infiltrated on average 102 times per week.
So, what can you do to ensure you are keeping your business secure against cybercrime and data theft? Here are some cost-effective suggestions:
Keep a Handle on Your Data Equipment
You don’t just have desktop computers anymore. You have laptops, handheld devices, wireless networking, and the ability to “dial in” to your business computer network from home. While all of this makes for an easier time staying on top of your business, it also puts everything out there for hackers to snatch. Mobile devices are not as secure as your computer network, and every time you stream information over your cell phone during lunch, you’ve just opened a line into your business’ data.
Stay on top of all of your business equipment, and make sure you know what your employees are doing too. If your employees access company information on their home computers or mobile devices, you’ve lost control over security measures and your data becomes vulnerable. Don’t have a “BYOD” – Bring Your Own Device – policy. If you do, make certain all electronic equipment is approved by you or your IT expert, properly secured, and used in accordance with your IT security policy.
Keep a Handle on the Amount of Data Equipment
While you’re ensuring that your employees are not streaming your company’s latest financial statements unsecured on their smartphones, you should also consider keeping sensitive information restricted to one computer device only. Whether you have a brick-and-mortar business or an online shop, ensuring that all financial transactions run through one unit provides an extra layer of security.
Secure this computer so that your employees cannot use it for anything other than its intended purpose; that rules out visiting social networking websites or surfing the Web. Talk to your finance and IT people to determine the extra layers of protection to add to the computer. Once it is secured, don’t let anyone other than authorized personnel access the equipment.
Keep Everything Updated and Secured
Keep everything updated on all of your data equipment. Make certain all operating systems, hardware, and software have the latest updates, drivers, and patches. Secure all of your computer equipment with reputable virus protection that includes anti-malware and anti-spyware programs. Ensure your data is properly encrypted and use Web security analysis software to search for and identify malware activity on all incoming and outgoing data streams.
Make certain you teach your employees proper computer security etiquette, including changing their passwords regularly and adding an extra layer of password protection to any mobile or offsite data devices. And, although it won’t make you the most popular boss on the planet, activate “parental controls” on your employee computers, limiting their ability to access certain areas of the Internet and preventing them from being able to upload or download anything without permission.
Farm It Out
If you’re reading this and your head is beginning to spin, first of all, sorry! Secondly, farm it out! If you’re concerned about your own ability to encrypt your data and your financial transactions, don’t panic; there are plenty of people out there ready to help you with your business security against cyber-attacks. When purchasing your virus protection, talk with a representative about securing and encrypting your computer network and see what low-cost packages each vendor offers.
For your financial transactions, talk to your bank, or consider PayPal or other merchant service companies that are in business to handle the transactions, data encryption, and any regulatory compliance issues for you. It might cost you a bit per transaction, but your peace of mind will be worth it in the end. These services help small business owners keep their clients’ financial information safe and secured.
Back It Up
Finally, you’ve gone to all this trouble to ensure that you are keeping your business secure, so make certain you have everything backed up just in case you still become the victim of cybercrime. Determine how long your company can live without its data to determine the best back-up method. If you need data recovery right away, back it up to a reliable cloud server offsite or onto a portable device that you can take with you. How much data you have dictates whether you can back up to a portable device, although thumb drives are now capable of handling 1 terabyte of data.
Other back-up methods include backing your data up to a separate server used exclusively for data recovery, backing your data up to another hard drive – I recommend an external hard drive that can be locked away, not an internal one – or the old-fashioned tape or disc back-up. Whichever method you choose, ensure your back-up is also secure, not only by encrypting the data but also by keeping the actual back-up source locked securely somewhere nobody can get to it.
Cybercrime is a real threat to all businesses, and should be addressed adequately in your business security plan. Ensuring your business’ data is safe protects you, your employees, and your customers from data and identity theft. Keeping your business secure is something you owe to your business and your customers. Being a mom-and-pop shop doesn’t mean you shouldn’t keep all of your business information safe!