What do the following organizations have in common: Target, New York Times, Wall Street Journal, Facebook and Twitter?
They have all had to deal with data breaches in the past year.
As a small business owner, you don’t have to worry about being hacked because you aren’t nearly as big as these guys, right? Wrong.
When a government agency or a bank has their data lost or stolen the news will cover it, but the thousands of small businesses who deal with this will never make the news so we assume we are safe from the threat. The reality is this; with more and more business transactions taking place online and more financial information being stored to automate payments, businesses of all sizes are at risk of being hacked and having their data stolen.
That’s the bad news. The good news is you can set up layers of security that will protect you so you aren’t a target for the bad guys.
Use Tough Passwords
Too many businesses do not force passwords on desktops or mobile devices and for those that do force a password to be applied, the level of password is far too easy to be hacked leaving your network open to being compromised.
A mix of letters, numbers and characters should always be used and you should never use obvious passwords such as your last name or the always famous “Password1”.
And when it comes to accessing actual data you should have multiple layers of passwords to ensure it is secure.
Start being secure with the simple things. You have a PIN on your bank card you should have a password on all of your technology devices.
Any customer data you store in a backup or is transferred offsite should be encrypted. There are many ways of encrypting data so that even if it is stolen or lost there is still another level of security added to keep the data safe.
In fact data encryption is something used by hackers. In the past year a virus called Cryptolocker was attacking many organizations from police to small businesses around the world and the attack was simple – it encrypted your data until you paid the ransom.
Even if those who want to be malicious get around your security make sure they hit a wall when they try to read anything.
Ensure You are Following Best Practices
A hacker will look at vulnerable areas of a business to decide where and if they want to try and access their data. If you are following best practices you can eliminate these vulnerabilities and lower the risk of being attacked and having your data breached.
TDCNet performs network audits for our clients to ensure that they are following a list of 96 best practices that we have developed from our years of experience. To see if you would pass the audit click here to read our best practice measures.
Start From the Outside In
To prevent being hacked you should start with a firewall that will protect you from malicious attacks. Having a Unified Threat Management system applied to your network adds a first line of defense to your security that should help filter out emails, links and other potentially dangerous information from accessing your network.
If they can’t get in, they can’t get anything out.
Have Processes to Track Data
Not all risks are from outside of the organization. Unfortunately you will have to deal with both human error and insiders trying to steal your information. Ensure that you have proper logging and business processes in place to mitigate both of these concerns.
Test Your Systems Regularly
Doing an audit or review of your risks is great. Doing them once and never looking back is not. The threats and risks to having your customer data compromised is constantly changing and so should you.
Work with your IT provider to implement regular testing and reviews of your systems and business processes to ensure you always following best practices and are prepared for any of the latest security threats you may face.
Keep Your Systems up to Date
Whether you are using a PC or Mac, make sure your device is up to date with any security patches pushed out by the operating system manufacturers. These are sent when a flaw in the program is found which will leave you open to risks from hackers and are updated regularly so you should have a process in place to ensure all machines are being updated.
This should be done centrally by your IT provider on a set schedule and not left to the end user to decide when and what should be updated.
These are just a few of the steps to follow to mitigate the risk and lower your chance of being targeted by hackers and insiders with malice in mind. Of course you should always have a plan to deal with a data breach should it occur but by following a list of best practices and working with your IT provider to ensure everything is up to date the chances of you needing to use that plan will be minimized greatly.
Posted by Michael D’Agostino