Tips for Safe Selling: Cybersecurity for Small Businesses

Regardless of whether your business has ever experienced problems with cybersecurity, you should always be on the lookout for ways to make your digital information as secure as possible. The U.S. has held National Cybersecurity Awareness Month annually for nearly a decade, so keep in mind this isn’t really a novel issue for businesses. It’s important. Awareness of your company’s online security should be a priority year round. In fact, theft of information online has surpassed physical theft as the No. 1 most commonly reported form of fraud.

Online attacks can have big implications for business owners whose private information—or that of customers—is compromised. Because you are providing services to the public, your business is responsible for keeping consumers’ sensitive information safe. While bigger companies can more easily outsource this responsibility to a third party, small businesses sometimes don’t have that luxury. However, cybersecurity is such a pressing concern that even the federal government recently held a hearing on protecting small businesses in particular against emerging and complex cyber-attacks.

Here are some tips on how to make sure your company’s software systems are safe and secure so you can protect emails, financial information and customers’ data.

Conduct a risk assessment.Cybersecurity plans and policies aren’t one-size-fits-all. There are tons of software programs available for information storage, and different businesses store different types of information. Assessing your company’s risk by identifying and categorizing the unique sets of information you own is the first step in creating the most effective possible risk management plan for your business.

Formalize a cybersecurity policy. Implementing procedures for handling digital security is something any business can do—at no cost. Your policy should be based on the results of your risk assessment and incorporate specific measures for how to handle the security issues your company is most vulnerable to. Your employees should be made aware of the policy and be trained how to exercise basic security principles—such as creating strong passwords that are less likely to be cracked. You also might consider whether or not employees’ personal data should be kept on business devices, or if you want them accessing business data on their personal devices. Steps should be clearly defined for what to do in the event that a device is lost or stolen.

Use your anti-virus software properly. Every computer in your business should have regularly updated anti-virus and anti-spyware software, preferably running in real time. You should be able to program the software so it scans for both viruses and software updates at least once a day, at different times. You might also think about obtaining copies of anti-virus software for employees’ home computers if they ever use home devices for business. In addition to the free software that comes with many operating systems, plenty of vendors offer paid subscriptions to security applications that provide even more beefed-up protection. Ask your vendor for details, or check out this list of 2013’s best anti-virus products.

Encrypt your data. Taking measures to protect sensitive data from hackers can help decrease your company’s risk of a cyber attack. But, there are no solid guarantees you’re safe from a breach. If your business’s online security is somehow compromised, having your data encrypted gives you an extra cushion of protection. Encryption is basically scrambled code that makes it almost impossible for spies to extract meaningful data. Encryption is particularly important on mobile devices since they’re more likely to be lost or stolen. Disk encryption systems come with many operating systems. There’s BitLocker for Windows PCs, and FileVault comes standard on Macs. Look into these systems and find out how well suited they are to your needs.

Secure your wireless access points. Wired-equivalent privacy (WEP) is not viewed as secure for wireless traffic encryption. WiFi Protected Access 2 (WPA-2) with Advanced Encryption Standard (AES) is safer and can better protect sensitive information from being intercepted as it is transmitted between your computers and your wireless access point. The user manual that came with your device should have instructions on how to set up wireless access points the way you want them.

Back up all your important data. Devices and hard drives can fail, and employees sometimes make mistakes. Even worse, predatory programs can destroy all data on your computer in an instant. That’s why your databases, spreadsheets and records related to finances, human resources and accounts receivable/payable should be set to automatically back up. You might back up once a day or once a week, depending on your business’s level of activity. The National Institute of Standards and Technology recommends that the size of your storage device should be at least 52 times the amount of data you have, plus about 30%. Where to back stuff up, you ask? There are several options, including a separate hard drive on your computer, somewhere online or on removable media such as an external USB hard disk. Most security software suites come equipped with backup functions.

Maintain secure databases. Ninety-two percent of data breaches involve a database, according to a 2013 Verizon Data Breach Investigations Report. To minimize risk, it’s important to manage the sensitivity level of your database by carefully picking and choosing what information to store, according to Frank Caserta, the chief security officer of Acxiom Corporation. Databases can be somewhat misused when businesses view them as places to store anything and everything. Barely used but extremely sensitive data is often thrown into company databases with little thought. This raises the stakes a ton, forcing businesses to maintain strict security requirements that limit their own use of the data. By reevaluating your database and deciding what information is absolutely necessary to have in it—and conversely, what sensitive data can be put in a location less susceptible to a breach—you can enhance your company’s use of its database while decreasing security risks.

Despite the growing number of small businesses that incorporate mobile and digital platforms into their service models, three-quarters of small and medium businesses believe their company is safe from cybersecurity threats such as hackers, viruses, malware or other forms of breach. This research, released by the National Cyber Security Alliance (NCSA) and Symantec in March 2013, also found that 83 percent of businesses surveyed don’t have any formal cybersecurity plan. If yours is one of those businesses, it’s time to look into available options. Whether or not you have a surplus to spend on security assistance for your business, there are tons of free resources to consider. The Federal Trade Commission has compiled a long list of things you’ll find very useful. The National Initiative for Cybersecurity Education is also a great resource for learning more.

Want to dig deeper?