Small businesses are an important part of the economy since they can have a large footprint on business and commerce, both offline and online. But is providing service and support enough? There is a growing need to protect customers and their data to ensure their safety and security.
A recent Ponemon Institute study found that 90% of the attacks and data breaches impact these small businesses. Small businesses need to have a strong data security policy. Here are 10 tips to protect and secure your data:
- Be PCI compliant: If you accept major credit cards and offer other modes of online payment, then PCI DSS is the most basic and standard form of protection that you can offer your customers. Employ SSL to send and receive data through the servers.
- Isolate and Encrypt sensitive data: Whether you are using mobile, web, email, backup solutions, or cloud, it is imperative that sensitive data be encrypted. Another way to reduce the associated risks is to confine the data to a minimum number of machines. If you can segregate it from the network, then by all means do it.
- Employee background check: As a rule of thumb, get at least two references for every new employee that you hire. More is even better. Call their previous employers and talk to them. Check their credit history and criminal records, and conduct interviews to cross-check whether they are lying.
- Control access levels: Not everyone on your team should be allowed to access all the data in the system. There is a strong need for controlling who is allowed to access which part of the server and why. Allowing blanket access without oversight, even to the IT administrator, can be a dangerous move. Create firm policies and keep records so that there is always a trail leading back to the person who can be held accountable. Use passwords and fingerprint scanners to prevent access to sensitive areas of your office.
- Train your employees: As your business grows, you will find it difficult to manage everything by yourself. Train your employees in security practices and lay down firm policies. Issue guidelines with a clear list of dos and don’ts and prescribe penalties for overlooking them.
- Automatic and regular backups: Ask your IT administrator to set up a system where regular backups of all your data are made to a remote server, preferably offline, or the cloud. Automatic backups will save you a lot of time and give you one less thing to worry about. Always have a contingency plan ready for an emergency.
- Updates and Patches: This is another rule of thumb. Update all the software programs and apps that you are using as early as possible. Vendors keep fixing bugs and releasing patches for apps, software, email clients, and operating systems (desktop and mobile). New threats keep emerging, so you need to be ready at all times.
- Cloud solutions and experts: If you are finding it difficult to manage your IT and data security tasks, then it is time to hire experts and move your system to the cloud. They have the knowledge, infrastructure, time, personnel, and experience to handle your data, freeing you for other work. A reliable CSP (cloud service provider) will help you handle risks, fight back threats, and prevent cyber-attacks.
- Shredder: Sometimes papers go unnoticed in the digital world. Use a shredder to destroy all printouts, Xerox copies and other important papers that are no longer required. Do not throw them in the waste bins after tearing them up, and do not leave them lying around in a heap.
- Strong Passwords: Use strong and complicated passwords that are not related to names, people, hobbies, dates, or other things that are connected to you in some way. A recent report says that “123456” is still one of the most commonly used passwords. Incredible!
Paul Zaichenko is the owner and CEO of Computer Answers, a business IT services and computer repair services provider with 5 locations throughout the capital region. Paul writes for his own blog and is often featured as an expert on IT and security. Computer Answers has been helping businesses in the capital region with their IT needs for the last 10 years, and would like to offer all local business owners a free IT consultation. Reach them at firstname.lastname@example.org or visit their website today.