Online security isn't something you only have to worry about when looking through your personal emails or checking account.
As a small business owner, you also have to follow best practices when it comes to online security. While some security advice is universal, you'll have to be somewhat more vigilant simply because of the delicacy of your small business.
A security breach, no matter the size, can inflict great harm on your company. Not only do you have to worry about your core dealings, but your customers' as well. To make things even harder, employees have to be taught what they should and shouldn't do while online because one simple error can open the floodgates.
Why security matters
In order to understand the importance of online security for your small business, look no further than some of the most high-profile internet attacks on large companies in recent years.
Just take a look at the Target breach of 2013. In December of that year, nearly 40 million customer debit card accounts were exposed after hackers gained access to the company's infrastructure.
According to CNN Money, Target reached several settlements in 2015 with banks and credit card companies, as affected accounts had to be reimbursed. It reached an agreement for $67 million with Visa and another $39 million settlement with MasterCard.
While your small business may not have the large assets coveted by attackers, it's important to understand how and why this attack occurred.
Krebs On Security wrote about the hack and explained how such a large breach happened. Essentially, a third-party refrigeration vendor working with Target was breached after an employee opened up a phishing email, which resulted in malware being installed.
You can use this high-profile incident to learn numerous best practices when it comes to online security.
No. 1: Develop a security plan
Security is not something that can be developed on the fly, nor can you maintain a reactive approach. Doing so means you only adapt principles and guidelines after an attack. But online, attackers are always looking for methods to gain access to sensitive data. As such, you need to develop a proactive security approach to stay on top of things.
Part of a robust security plan involves employee education. The U.S. Small Business Association recommends you also inform all employees of best practices when they're online. This includes strong and unique passwords, methods to detect phishing email attempts and safe social media usage.
Security plans may involve limiting the use of websites and services that have no bearing on work. Employees may not appreciate the move, but doing so can help foster a stronger security mindset.
Additionally, you'll want to clearly explain the consequences of what might occur if an employee were to break a cybersecurity policy.
Your policies should also elaborate on what to do in the event of a security breach, from the initial investigation to notifying customers potentially affected and upgrading your point-of-sale system.
No. 2: Develop a mobile device action plan
Everyone has a smartphone today, and these powerful devices contain lots of information. They can also be used by cybercriminals as a way to gain access to your network and data.
A mobile device action plan becomes even more necessary if employees also use their phones for work-related matters, which, in 2016, should be expected. This plan should require that employees install approved security applications on their devices while also having a password lock for the phone itself. As an added security step, all data should be encrypted.
And if your business issues phones for work-related matters, you'll also want procedures and practices in place in the event equipment is stolen or misplaced.
No. 3: Limit access
Access to computers and other physical equipment should be limited. For desktop computers, you'll want to ensure a user account is created for each individual employee that can only be accessed with a password.
But if your small business is big on laptops, you'll also want to come up with a method of physically securing them. Laptop locks can be used, as can a cart that can be locked up at the end of the day.
Employee access also has to be limited while using a computer. Certain system privileges, such as disabling the firewall or installing programs, should only be left to the IT staff.
No. 4: Payment card best practices
If you haven't done so already, you may want to consider making the switch to an EMV chip card reader. The EMV chip was designed as a more secure alternative for the standard credit card, which typically stored most of its information on its magnetic strip that could easily be read by skimming devices.
What this means for your business is this: Liability has shifted. If an in-store transaction is completed using a compromised card, you will be held liable if you don't have EMV card readers installed.
The SBA also recommends you work with your payment processor or bank to ensure anti-fraud services are in use. Payment systems should be separated from less secure programs, and the computer used to process payments should not also be used for daily internet habits.
No. 5: Protect and back up your data
Your data is important and valuable. But in the event of a security breach, no matter the size, being able to quickly recover is a must.
Your company's data should be regularly backed up and protected. Encryption is the name of the game, as is storing the information in a secure manner.
Additionally, you may want to consider storing backup data in multiple locations in the event your backups are compromised. This way, attackers will not gain access to everything you have.
According to CIO, the following are common storage methods worth utilizing in order to back up your data:
- Network attached storage
- Direct attached storage
- Online storage (i.e., cloud)
- Private cloud
- Offline media (such as Blu-Ray and DVD)
- Disaster protected storage
Ideally, your company's data should be backed up three ways, which will depend on the budget and amount of data you have.
Security is paramount for small businesses and needs to be taken seriously. Anything less can result in monetary damages and ruined business endeavors.
For more tips and updates on the latest in banking technology, contact Landmark Bank.