As unfortunate as it may be to say, 2013 marked a monumental year in data breaches, mainly for businesses that weren’t prepared with the necessary level of cyber security. According to Symantec’s annual Internet Security Threat Report there was a 493% increase in stolen identities since 2012, amounting to over 550 million affected customers.
Many remember recent headlines involving breaches in Apple’s iCloud, but most of us will never hear about the smaller targets data thieves have been cleaning out due to the lack of media attention. The National Small Business Association put out a survey, through which they found nearly half of all small businesses reported being victim of a cyber-attack.
With a reported 66% of all small businesses depending on the internet for day to day operations, there is still a resounding unawareness to to how damaging a data breach can be to your company’s future and reputation.
Thankfully those coding for cyber security are always a few steps ahead. October is recognized by the Tech Community as National Cyber Security Awareness month, so we wanted to compile a comprehensive guide for small businesses to prevent any such data breaches from occurring as we head towards the end of 2014.
Using four levels of protection will ensure your data stays safe.
Securing Your Foundation
Regardless of how big your business is, there are mandatory steps to ensuring the foundation of your cyber security is rock solid. Just like you lock away your valuable possessions, you’re going to need to categorize and document what digital files you’re keeping in vulnerable areas. These categories should be broken down like this:
- Highly Confidential – All of your most sensitive data should be placed in this tier. This includes anything that if stolen could impact your customers, employees, or business as a a whole. Think identity information, things like: passwords, social security numbers, credit-card info, or names and addresses.
- Sensitive – The fine line between sensitive and highly confidential is what couldn’t destroy something if stolen in the financial sense. Sensitive documents are things you wouldn’t want seen externally of your business for privacy reasons. Reports on your employees, marketing plans, contact info, or performance data are all sensitive and would be best stored separately.
- Internal Use Only – Information that is available to all your employees, but still would be best unknown to the public can be classified as internal only. This data may not harm your company, but still is considered items you won’t post publicly.
Securing the foundation also means safeguarding all your devices, should a hard drive or thumb device get lost.
Level 1 Threat Protection
- Restrict Access Points - Knowing which data is the most sensitive will help in choosing who can access it, the less people capable of opening the bridge the less likely a hacker will be able to get in. Always be conservative here, if there’s a document someone will need there will usually be an Admin capable of getting it for them.
- Train Employees On Digital Security Basics - Using email, and having to download software isn’t always black and white in terms of what is safe, and what might have some nasty malware zipped up inside. Provide the resources necessary to help your company recognize what threats may be present in the forms of phishing schemes, identity thieves, or even scammers calling in over the phone.
- Consider Storing Data On A Device Disconnected From Any Network – If your company has no reason to transfer crucial data remotely, don’t make it available anywhere except in the office, on a machine where employees can access it in person.
- Use Reputable Free Software- Not all Cyber Security comes with a hefty subscription fee, check out some verified by the National Cyber Security Alliance on this list.
Level 2 Protection
- Two-Factor Authentication – This is for the most sensitive data. Not only will employees need a password, they will also need a second step such as a PIN number, or ID card.
- Encryption - Encryption essentially mixes up data to look like a bunch of nonsense to those unauthorized to access it. The encryption you use will need to meet the Federal Information Processing Standard (FIPS-Certified), otherwise there’s still potential hackers can read the data by cracking your key.
- Hire A Security Specialist - This might mean paying to send a current employee to get certified as a security compliance officer, or consulting a local IT Professional to secure all the devices and networks with current protection capabilities.
Level 3 Protection
- Physical Facility Lock Down – Despite the transcendence into digital storage and remote access points, much of what can be stolen is still buried in physical machines and data units that can be broken into once removed from your facility. Preventing criminals from entering your building altogether cuts down the possibility what’s inside can be accessed.
- Consult Security Tests - Hiring an outside specialist who knows how to test infiltration points is your best friend when it comes to knowing for sure whether or not your system’s security is air tight. If they can get in, you’re not losing everything, and will know what to improve upon.
- Personal Device Protocol – Personal electronic devices can be detriments to certain access points. Smart phones that employees have connected to the wifi is as simple as it gets to allowing hackers to tap the network and get whatever data they want being transferred between the device and server. Your IT team can set up minimum security requirements so these outside devices won;t be able to access the network in the first place.
Small businesses have it especially tough when it comes to maintaining the security of their data. One breach can ruin the trust of an entire community, which is usually how small businesses thrive in the first place. Don’t allow your business to suffer.