We’ve all heard about high-profile security breaches, from the Equifax data breach of 2017 to the Stuxnet virus. But small businesses are also at risk. Here are several security recommendations to protect yourself and your customers from cyberthreats.
Use antivirus and antispyware software.
Make sure each of your business’s computers is equipped with antivirus software and antispyware. Such software is readily available from a variety of vendors, and all software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Importantly, configure all software to install updates automatically. Ensure the software protects all pages on your public-facing websites, not just the checkout and sign-up pages.
Secure your networks.
Use a firewall and encrypt information to help safeguard your Internet connection. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password-protect access to the router.
Establish security practices and policies to protect sensitive information.
Establish policies on how employees should handle and protect personally identifiable information, such as birth dates and social security numbers, and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
Educate employees about cyberthreats and hold them accountable.
Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Employees should be educated about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
Require employees to use strong passwords and to change them often.
Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Use a Virtual Private Network, or VPN.
A VPN, or Virtual Private Network, is a service that allows you to connect to the internet via a server run by a VPN provider. All data traveling between your computer, phone or tablet, and this “VPN server” is securely encrypted.
Employ best practices on payment cards.
Work with your bank or credit card processors to ensure they are using the most current, trusted and validated tools and anti-fraud services. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments as employees use to surf the Internet.
Back up important business data and information.
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. There are numerous services to which a business can subscribe as well as a wide range of backup software that will handle the backup functions automatically.
Control physical access to computers and network components.
It is vital to prevent access to or use of business computers by unauthorized individuals. Laptops are particularly easy targets for theft (or can be lost), so they should be locked up when unattended. Cable locks are readily obtained at electronics stores or online. Create a separate user account for each employee, and require strong passwords. Grant administrative privileges only to trusted IT staff and key personnel.
Create a mobile device action plan.
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password-protect their devices, encrypt their data, and install security apps to prevent the theft of information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.