5 Cybersecurity Tips for Small Businesses
Cybersecurity is essential to avoid data breaches and protect access to information. These tips can help.
Christy Beiber, September 25, 2018
Today, small businesses often collect data on customers. Many also use digital tools to store important work. Whenever you have data that must be accessible, or customer information that could be vulnerable to hackers, it's imperative to take steps to protect these valuable digital assets. This means establishing and following best practices for cybersecurity.
These tips can help you keep your company as safe as possible from nefarious actors who could cause data loss or put information into the wrong hands.
1. Establish and enforce a password policy
Many hackers aren't sophisticated masterminds. Instead, they're successful scammers who use phishing emails to get you to give up your passwords, or they're able to obtain enough information from social media postings to guess your passwords and gain access.
To make sure your company isn't vulnerable to being hacked, every single person -- from the CEO down to the newest entry-level hire -- needs to follow the same strict rules for password security. This means using strong passwords with uppercase and lowercase letters, numbers, and special characters.
Make sure passwords are on the longer side so they can't be puzzled out by brute force, avoid using the same password for multiple sites, and don't use words that can be guessed easily, such as a pet's name or a spouse's name. And make sure passwords are changed every few months.
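The rules above can be enforced automatically when an employee sets a password. The following Python check is an added example, not part of the original article; the 14-character minimum, the 90-day rotation window, the function names and the sample names and passwords are assumptions chosen for illustration.

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

MIN_LENGTH = 14               # assumption: the article only says "on the longer side"
MAX_AGE = timedelta(days=90)  # assumption: the article says "every few months"
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}
# Undo common look-alike substitutions so "B1scu!t" is still recognised as "biscuit".
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")

def digest(password, salt):
    """Salted, slow hash so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(password, personal_words, history, salt):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    normalized = password.lower().translate(LOOKALIKES)
    for word in personal_words:  # e.g. pet and spouse names collected at enrolment
        if len(word) >= 3 and word.lower() in normalized:
            problems.append(f"contains guessable word '{word}'")
    # Assumption: reuse is checked against this account's earlier passwords only;
    # reuse on other sites cannot be seen from here.
    candidate = digest(password, salt)
    if any(hmac.compare_digest(candidate, old) for old in history):
        problems.append("reuses an earlier password")
    return problems

def rotation_due(last_changed, today):
    """True when the current password is older than the rotation window."""
    return today - last_changed > MAX_AGE

if __name__ == "__main__":
    # Constructed sample data, not taken from the article.
    salt = b"constructed-salt"
    history = [digest("plum-Votive7-harbor-Quill", salt)]
    names = ["Biscuit", "Jordan"]
    for pw in ("B1scu!t2018", "plum-Votive7-harbor-Quill", "Kettle_Orbit9_Meadow"):
        print(pw, "->", check_password(pw, names, history, salt))
    print("rotation due:", rotation_due(date(2018, 5, 1), date(2018, 9, 25)))
```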
2. Implement two-factor authentication protocols
Another way to get closer to being hack-proof is to implement two-factor authentication. With two-factor authentication, not only is a password necessary to gain access, but the user also needs some other piece of information. For example, your sign-in process could require would-be users to receive a code via text or voice call that has to be entered to gain access.
There are comprehensive online guides to help you turn on two-factor authentication for company networks, although you'll likely need help from IT professionals. When you use third-party services, such as Gmail, to manage company email, you can easily opt in to two-factor authentication by letting your provider know you're interested.
3. Limit access to information
When your company has especially sensitive information, it's important to restrict how many people have access to it. This might mean requiring additional passwords to access certain files or using encryption tools to keep the most private information secure.
You might also want to think seriously about whether it's worth the risk to give employees access to data on mobile and personal devices. The more connections to your network, the harder it is to control access -- and the more people who have company data on personal devices, the more difficult it is to strip access in the future when people leave your organization.
4. Provide employee training on cybersecurity
Your company's data is only as secure as your most careless employee. That means every worker should receive proper training on how to keep information secure.
This should include not only instructions on best practices for passwords but also training on:
- Email safety, including not clicking unknown links or downloading strange attachments.
- Limiting physical access to devices.
- Why it's important to avoid using unsecured public networks.
The more vulnerable your company is to being hacked, the more essential it is to provide this training.
5. Keep only what you need and destroy data before disposal
One of the biggest risks to your business is a data breach. Data breaches could lead to regulatory action and legal liability if customer information falls into the wrong hands.
To reduce the likelihood of a damaging breach, keep the absolute minimum amount of customer data. If you don't absolutely need credit card and Social Security information on file, don't keep it.
And when you dispose of old equipment, including hard drives, make sure no sensitive data remains on it by using special software to completely wipe out the info. Simply reformatting the drive might not be enough.
Your company can't afford to fail at cybersecurity
You don't want your business to be hacked, customer information to fall into the wrong hands, or nefarious actors to lock down your essential data and demand a ransom.
To make sure your networks and data are secure, take the time to get cybersecurity right. If you need help, talk to IT professionals -- it's far cheaper to get a consultation and create a plan than it is to deal with the loss of your data.