Protecting your data, and that of your clients, should be central to all of your business practices. Customers entrust companies with often very sensitive data, and it should be used and stored safely. Cyber security should be a priority in companies of any size, but when you’re a small business without a big security budget, how do you keep yourself protected?
1 – Learn from Others’ Mistakes
When a large company experiences a cyber security breach, it doesn’t take long for the media to expose it. Luckily for small businesses, that means there are a lot of public examples to learn from. With each large-scale attack, we learn new ways to improve security, but hackers also invent new ways around it.
Each time you hear of a new cyber-attack, try to answer these questions:
1. What kind of data were they after?
2. How did they get it?
By understanding the answers to these questions, you will better understand which types of data are most vulnerable—and therefore need the most protection—and also how to avoid making the same mistakes that other businesses have.
2 – Restrict Websites
Limiting what your employees can look at on company computers can help to defend your network from any malware that lurks on unprotected websites. Some businesses go as far as implementing firewalls and actively blocking certain sites, while others just use an honor system and trust that their employees will be sensible with their internet use.
Whatever you choose, communication with your team is key. Either let them know which websites are trustworthy and therefore safe for them to browse in their downtime, or explain where firewalls exist and why.
3 – Use Secure Websites
Hypertext Transfer Protocol Secure (HTTPS) is the newer, more secure version of the protocol that transmits data between your web browser and the website you’re currently on. Although it’s mostly used for online banking and shopping, where sensitive financial data is processed, many larger companies are now using it as their default.
Whenever possible, it is best practice to use these secure websites to house, view, and process your customer data. Any information entered into a website using HTTPS is encrypted on its way between your browser and the site, and is thus more difficult to intercept.
It’s easy to recognize these kinds of websites by their URL, which begins with https://, and most modern browsers indicate which protocol is being used with a padlock icon next to the website address.
4 – Know Which Software to Trust
As with websites, you need to know that the software you’re using is trustworthy. As a general rule, it is best to avoid sharing customer data with a third party, but when you have to, ensure you pick the right software. There are plenty of online review sites that will help you find something that suits your business needs and won’t compromise your cyber security.
If you’re having trouble finding something reliable and fit for purpose, consider building it in-house. Customers are more likely to give up their information to a company that will not share it and will therefore retain full control over it. You also have the added benefit of being the first to know when a security breach has taken place and being able to work on fixing it personally.
5 – Be Open and Honest
When taking on a new client or signing on a new customer, be clear about how and why their data will be used. If you are using third-party software and will need to share their data with another company, tell them so. Being up-front lets your customers know where the vulnerabilities in the system lie and ultimately puts the risk-taking decision on them.
6 – Carry Out Regular Maintenance
Once you feel you have a good security structure in place, it’s important that you keep an eye on it and make adjustments. It is possible that, as your business expands, it will outgrow its security system. Therefore, it is important that you employ an IT specialist who can regularly monitor and improve the system as needed.
If you are running a skeleton staff or carry out most of the IT work yourself, it is worth taking a bit of time out at least weekly to make sure everything is running smoothly. Update passwords regularly and encourage your employees to create unique, complicated passwords that don’t share a common pattern.
For example, avoid passwords like “companynameJohnDoe1”. Ask that your customers do the same where applicable. Also clear out suspicious emails and update your spam filters to ensure that all irrelevant and potentially harmful mail is sent to junk.
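A check for passwords built on a common pattern such as “companynameJohnDoe1” can run at the moment a password is chosen. The following is an added example, not part of the original article; the function names, the substitution table and the four-character threshold are assumptions made for illustration.

```python
import re

# Assumed table of common character swaps, so "c0mp@ny" is compared as "company".
LEET = str.maketrans("013457@$!", "oleastasi")
# Trailing characters people append to satisfy complexity rules ("1", "2024!").
SUFFIX_CHARS = "0123456789!@#$%&*?."


def normalize(text):
    """Lower-case, drop a trailing digit/symbol suffix, undo swaps, keep letters."""
    text = text.lower().rstrip(SUFFIX_CHARS)
    return re.sub(r"[^a-z]", "", text.translate(LEET))


def find_patterns(password, known_words, max_leftover=4):
    """Return the guessable words a password is built from, or [] if it is fine.

    known_words holds what an outsider could guess: company name, the
    user's first and last name, the username, product names.
    """
    core = normalize(password)
    words = sorted({normalize(w) for w in known_words},
                   key=lambda w: (-len(w), w))  # longest first, stable order
    hits = []
    for word in words:
        if len(word) >= 3 and word in core:  # skip very short words
            hits.append(word)
            core = core.replace(word, "")
    # Flag only when little is left once the guessable parts are removed.
    return hits if hits and len(core) <= max_leftover else []


if __name__ == "__main__":
    # Constructed sample input. Run this when a password is set or changed,
    # because stored passwords should be hashed and cannot be re-read later.
    known = ["companyname", "John", "Doe"]
    samples = ["companynameJohnDoe1", "C0mpanyname_j0hn2024!",
               "vT9#qLm2xK!r", "doebridge-lantern-quartz"]
    for candidate in samples:
        found = find_patterns(candidate, known)
        verdict = "reject, built from " + ", ".join(found) if found else "ok"
        print(f"{candidate!r}: {verdict}")
```

A password that merely contains a known word inside a much longer unrelated phrase is not flagged, since most of it remains once the guessable part is removed.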
7 – Don’t Be Complacent
Just because a business is relatively small doesn’t mean it won’t be a target. Think about anyone who has had an email address or Facebook account compromised. If it can happen to an individual, it can happen to a small business. It is not worth neglecting your network security to save a bit of time or money.