Judging by numbers gathered by the U.S. Census Bureau, small businesses created more than 61 percent of new jobs between 1993 and 2016. Moreover, in 2016, employer firms with 100 or fewer workers represented more than 98 percent of the American economy.
This information tells us that small businesses have a far larger footprint than most of us think. It also means they are, consequently, more of a target for data breaches than they’d probably like to believe. With the world, its people and its businesses more reliant than ever on data systems and internet connectivity, one big question for small employers is how to prevent data breaches before they happen.
If you’re a small business owner, here are some practical steps you can begin taking, today, to protect yourself, your employees and your customers and clients.
Remember the Basics
It’s important to remember that not every data breach is due to “hackers.” In any case where personal or company information has been compromised, it’s the thieves who are first and foremost at fault — but that doesn’t mean we need to leave the doors open for them. Human negligence is responsible for lots of the data breaches that happen in a given year, and it leaves information like credit card numbers, routing numbers, client names and addresses and Social Security numbers vulnerable.
Some of the best prevention measures are 100 percent free — and that means taking the security basics seriously. Whether you employ 10 people or 1,000, make security “hygiene” an integral part of your training process. Secure every personal and company-owned web property with a strong passcode, then store those passcodes in a password manager rather than on sticky notes beside your desk.
It’s important to remember that hardware is a common point of failure too. Protect your home screens with passwords. If you use mobile devices to conduct business out in the field, enable their remote wipe feature so that you have peace of mind if a device is stolen or lost. Every major device manufacturer makes this wiping easy to do.
Use Email and Social Media Skeptically
Social media and email are great tools for keeping in touch with people we care about and for reaching out to prospects and partners, but they’re also havens for people who intend to prey on the credulous and those who trust too easily.
If your business and employees use email and social media for market research, correspondence, outreach or anything else, here are some reminders about how to stay skeptical and avoid phishing and other schemes that might open you to attack:
- Double-check the sender for every email you receive. Make sure it matches known addresses for the business they claim to represent.
- Look for spelling mistakes in “official-looking” correspondence. This element is often, but not always, a sign of shenanigans.
- Check every URL before clicking it by hovering over it. Be sure the domain matches the company’s official pages.
- Navigate directly to websites instead of following a link that you found somewhere or that was sent to you in a message or advertisement.
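
For teams that want to automate the first three checks above, here is an added example (not part of the original article) that reviews a raw email in Python. The known-domain list, the sample message and all function names are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: domains this business really deals with (constructed values).
KNOWN_DOMAINS = {"example-bank.test", "example-supplier.test"}
def is_known(host):  # exact known domain or a subdomain of one, never a lookalike
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)
def shown_domain(text):
    m = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
    return m.group(0) if m else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def review_email(raw):
    # Assumes a single-part text/html message; returns a list of warnings.
    msg, found, links = message_from_string(raw), [], LinkCollector()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not is_known(sender):
        found.append(f"sender domain not recognised: {sender}")
    links.feed(msg.get_payload())
    for href, text in links.links:
        target, shown = (urlparse(href).hostname or "").lower(), shown_domain(text)
        if not is_known(target):
            found.append(f"link goes to unrecognised domain: {target}")
        if shown and shown.removeprefix("www.") != target.removeprefix("www."):
            found.append(f"link text shows {shown} but goes to {target}")
    return found

# Constructed sample message (not real mail).
SUSPICIOUS = ('From: "Example Bank" <alerts@example-bank.test.account-verify.test>\n'
              "Content-Type: text/html\n\n"
              '<a href="http://example-bank.test.account-verify.test/login">'
              "www.example-bank.test</a>")
if __name__ == "__main__":
    print(*review_email(SUSPICIOUS), sep="\n")
```

The sample message triggers all three warnings: the sender and link both sit on a lookalike domain that merely starts with the real one, and the visible link text names a different site than the link opens.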
Some 52 percent of small businesses post on social media daily. Make sure everybody under your roof knows how to engage with these channels safely. All it takes is one bad click in an emailed link or poorly vetted social media ad to open your network to malware or ransomware.
Take Firmware and Software Updates Seriously
In the years since Tim Cook took the reins at Apple, over-the-air software updates for iOS products have increased in frequency by more than 50 percent. One interpretation is that these devices are getting buggier. The bigger picture is more complicated given that most and probably all of these updates included patches for newly surfaced security exploits.
Here’s the point: Small businesses these days use a panoply of increasingly sophisticated hardware and software to keep the wheels of commerce turning. Mobile phones, tablets, desktops and laptops, routers, wearables, smart security cameras, intelligent HVAC systems and many other devices are all in the mix. Since there’s no tidy blanket solution for keeping our IoT (Internet of Things) networks safe, we have to deploy passwords and software updates at the device level.
Don’t neglect these updates. Whenever you can, opt for automatic software updates. If you do rely on IoT devices whose designers didn’t take security seriously in the design phase, create a separate network within your organization for these devices specifically. As we’ve seen too often recently, badly designed IoT devices — or those whose owners neglected software updates — can be a popular back door into mission-critical networks and extremely sensitive databases.
Utilize Data Access Controls and Encryption
As your company grows and you expand your reach, you’ll begin to store more, and more types, of data. You’ll eventually have to expand your team to handle it all. Only designated personnel should have access to your most sensitive data. You can grant and retract data access by employee or by department, but the goal is the same: to shrink your “threat surface.”
It’s essential that you engage with cloud storage services with equal wariness and foresight. Everybody knows what “the cloud” is and why it’s useful — but cloud encryption is relatively new. If your small business uses a SaaS (software as a service) vendor for remote storage, it means placing your trust in their security protocols and the strength of their encryption. To protect your data even further, encrypt your files before sending them into the cloud for storage.
As a member of the small business community, you’re a vital part of the fabric of our nation and economy. You’re also, unfortunately, an increasingly tempting target for would-be data thieves. Remember these fundamentals to keep your company, your employees and your livelihood as safe as you can.