Think about a digital security breach in a business. Any will suffice for this illustration. Now, what kind of security breach did you picture?
Did you imagine a major corporation, like Target just a few years ago, leaking thousands of customers’ credit card numbers?
Did you imagine a team of hackers breaking into a major organization for personal data, like what happened with Ashley Madison just a few months back?
Assumptions and Misconceptions
Chances are, you envisioned a massive company being victimized by a group of hackers or an insider with a grudge, but that’s likely due to the high-profile nature of these breaches (as well as the portrayal of hacking in popular culture).
It might surprise you to know that 62 percent of all data breaches actually occur in small to mid-sized companies, undercutting the persistent myth that cyber security is only a concern for major businesses.
If you’re a small to mid-sized business owner, you need to know that your information is at risk unless you’re employing an up-to-date cyber security strategy.
Your proprietary information, your financial data, and even your customer data and relationships are vulnerable unless you take proactive action.
The Budget Problem
The trouble is, most small businesses operate with limited capital and revenue, especially in the first few years of operation.
They often can’t afford to hire a full-time IT department, or even a single IT employee, and enlisting the services of a dedicated IT firm could be out of reach due to budgetary or contractual concerns.
Still, even with little to no budget, there are measures that small businesses can take to protect their digital assets.
These five will get you started:
1. Use a VPN to encrypt your communications.
This measure will cost you a bit of money, but it’s simple and can easily ratchet up your degree of protection. Virtual Private Network (VPN) software encrypts your connections, which can prevent a breach that would otherwise come from information exposed in transit.
As an additional benefit, VPNs give you secure remote access to systems you aren’t physically connected to.
2. Use strong passwords and change them frequently.
Here are four relatively easy ways a hacker could gain access to your system. The first way is by guessing, over and over, until they guess correctly.
The second is by utilizing an algorithm to automate the guesswork until a correct combination is acquired.
The third is by using keystroke-tracking software to figure out the password directly, and the fourth is the simplest of all, finding the password naturally by seeing it written down or learning it from a previous employee.
With the exception of number three, all of these potential password breaches can be prevented with two ongoing commitments: choosing strong passwords (with several characters, both upper-case and lower-case letters, numbers, and symbols in no discernable pattern) and changing passwords frequently (at least a few times a year, possibly more often for especially sensitive access points).
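As an added illustration (not part of the original article), the Python sketch below checks a password against the two commitments described above and estimates the search space an automated guesser has to cover. The 12-character minimum and the 120-day maximum age are assumptions, since the article gives no exact figures.

```python
import math
import string
from datetime import date

MIN_LENGTH = 12      # assumption: the article only says "several characters"
MAX_AGE_DAYS = 120   # assumption: "a few times a year" read as roughly every 4 months

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def guess_space_bits(password):
    """log2 of the combinations an automated guesser must cover, assuming it
    tries every string of this length over the character classes in use."""
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def has_pattern(password, run=4):
    """True if `run` consecutive characters repeat or step by +1/-1 (aaaa, 1234, dcba)."""
    codes = [ord(c) for c in password.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps in ({0}, {1}, {-1}):
            return True
    return False

def audit(password, last_changed, today):
    """Return a list of policy findings; an empty list means the password passes."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(f"no {name}")
    if has_pattern(password):
        findings.append("contains a repeated or sequential run")
    if (today - last_changed).days > MAX_AGE_DAYS:
        findings.append(f"not changed in over {MAX_AGE_DAYS} days")
    return findings
```

Run audit() at password-change time and again on a schedule, so the age check catches credentials that were strong when set but have not been rotated since.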
3. Keep your team abreast of best practices.
One mistake is all it takes for even an amateur data thief to breach a secure system. Phishing schemes, which fool users into revealing their login information, and spyware, which can be installed from a seemingly innocuous download link, are two examples of this.
Keeping your employees aware of these types of schemes, and others, is critical for keeping your business secure, because even the strongest passwords and the most encrypted connections will fail you if an employee willingly parts with login information.
Offer a mandatory data security meeting to get your entire team on the same page, and send out regular reminders about security when it comes to downloading unfamiliar software, clicking bad links, and downloading email attachments.
4. Secure your Wi-Fi network.
Anyone on your Wi-Fi connection can theoretically see your incoming and outgoing data. Obviously, you should secure your Wi-Fi network with a password (which, according to rule two, should be strong and updated frequently).
Beyond that, you’ll want to take extra measures to ensure no unwanted activity is present on your network. For example, outside devices (like a worker’s personal tablet or smartphone) could carry malicious software, which, while accessing your Wi-Fi network, could tap into your resources.
This isn’t necessarily a reason to ban all outside user devices, but it’s important to inform your workers about the dangers and to restrict outsiders’ access to your Wi-Fi.
5. Watch for insider activity.
Don’t neglect the possibility that one of your own employees could launch, or help launch, a cyberattack against you. Insider fraud was a $3.7 trillion issue in 2014.
Imagine, for a moment, one of your employees is motivated to hack into your data systems and steal information to sell at a later date. How easy would it be? They may have the passwords and unmonitored access already.
There’s no way to completely prevent such an event from occurring, but you can mitigate your risk by performing background checks on your new hires, segmenting your systems access (granting users access to systems only as needed), and employing a system of checks and balances so activity is monitored.
Cyber security is an issue that isn’t going away any time soon. Analysts predict that 2016 will be an even more vulnerable and more important year for data security than 2015, and as technologies become more complex, you can bet there will be more vulnerabilities to consider.
You owe it to yourself and to your business to stay up-to-date with the latest best practices in digital security, and to remain committed to executing them however you can.