Small businesses are a popular target of cyber criminals. Thousands of attacks happen every day, successful ones can cost organizations hundreds of thousands of dollars, and over half of small businesses soon close following a successful cyberattack. Fortunately, there are effective measures you can take to prevent hackers, scammers, and other ne’er-do-wells from compromising your network, stealing information, and harming your organization, employees, clients, or customers.
Data security best practices
- Protect your network with security software and keep this software up-to-date. A quality firewall is a must. As is encryption for your sensitive files.
- Install quality antivirus and anti-malware software on all computers used for company purposes, and set up regular scans.
- Back-up your databases on a regular basis. If your files are ever compromised, you don’t want to lose everything. Having a recent backup will enable you to restore your data so you can continue to operate.
- Train employees on your internet safety and security policy and procedures, your security software, recognizing potential security threats, and creating strong passwords. Training also should include your response plan.
- Regarding passwords, avoid dictionary words. Use multiple letters, numbers, and symbols. Phrases or long acronyms are especially hard to ascertain or break.
- Note in your policy what security measures employees should follow when they’re out of the office and not using your firewall and secure network.
- Be extremely cautious of unexpected emails that ask you to click a link to log into an account to update information or fix a problem. These are likely fake and designed to steal valuable information.
- Never enter credit card numbers or other valuable information on a website that is not secure. If a website is secure, its URL will begin with HTTPS, instead of just HTTP. You should also double check that you’re on the site you intend to be on whenever entering such information.
- Never, ever email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email databases and accounts are inherently insecure, and if malicious parties get access they can often see or get everything.
- Scammers may also pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it.
- When getting rid of physical documents with sensitive information, use a secure shredding company to ensure proper disposal and that documents related to an employee's identity are secure.
- When getting rid of hardware or donating it, completely wipe its hard drives and storage. You don’t want someone finding an old company laptop, thumb drive, or computer and gaining access to information stored on it.