You don't see the stories in the news often but cyber attacks happen frequently in small business. The U.S. House Small Business Subcommittee on Health and Technology reports that small businesses with fewer than 250 employees account for 20 percent of the cyber attacks in the United States. Small businesses are especially vulnerable because they may not be able to recover from an attack. Start protecting your business so you don't become one of the 20 percent harmed.
The starting point for protecting your digital assets begins with physical devices. Desktop computers, servers, laptops, tablets and smartphones are easy prey for burglars who can bypass security systems. Time is of the essence to a burglar, so they will walk through your office and pick up anything that isn't bolted down. Computing equipment should be locked away or taken home with employees.
A small business in Seattle had several old laptops stolen, according to an article in Entrepreneur magazine. The data on the laptops was used to create phony accounts and move funds from the company payroll. Any physical devices in your office that contain company data should be physically secured from possible theft.
Enable data encryption on all of your hard drives. This stores the data in an encrypted form that will at least deter cyber hackers from taking the data. Make sure all sensitive data is encrypted such as customer information, employee information and financial data. Any interfaces you have with outside systems, such as a bank or clearing house, should use encryption when passing data between the systems.
Any activities you do in the cloud should be encrypted too. Check with your cloud service provider for encryption options and purchase the highest one you can afford. No encryption is foolproof, but the more sophisticated it is, the harder it is to crack. Most cyber hackers look for the path of least resistance and may pass up your information for data that is easier to access.
Prevent System Break-Ins
Install and configure firewalls, virus protection and malware detection onto all of your systems. Make sure the licenses are up-to-date and the virus libraries regularly refreshed. Enable real-time scanning of email and attachments and any downloads from web browsers. Schedule complete scans to be run regularly, at least once a week.
A hard-wired network will prevent break-ins through a wireless network, but it is inconvenient and not a complete solution. If you have a wireless network, disable the SSID broadcasting and use the most secure encryption standard it has available, such as WPA2.
Educate Your Employees
Get your employees on-board with your security plan, advises Forbes. Train them on the risks of cyber attack and what they can do to be more aware. Enforce strong, unique passwords that get changed regularly.
Social Networking Risks
Small businesses are encouraged to use social networking to promote their business and create connections with their customers. Yet, your information can be in the hands of thousands of people in a matter of minutes. This is good when the right consumers are following you, but also presents a risk that someone becomes interested in tapping into your data for fraud. Security services such as Lifelock.com help monitor your social networking and look for signs of fraud and identify theft. Catching suspicious activity early so it can be blocked saves you the pain of recovering from a potential financial disaster.
The BYOD Challenge
If employees are allowed to use their own personal devices to access company information, make sure they are educated about how to keep that information safe. When they are on the road, or even at home working, employees should make use of virtual private servers (VPS). Hotels, coffee shops and other public places where you might work use public networks that have no encryption and are easy to break into. Using a VPS in those locations creates a secure connection to your company's servers. They are harder to break into and the data is encrypted.