Keep your business from making headlines for all the wrong reasons with these security tips.
The headlines almost feel commonplace at this point: “Data Security Breach at Company X," but what's really at stake?
Valuable data, both personal and business. The value associated with the integrity and trustworthiness of your business.
And money, lots of money.
In fact, according to the IMB-sponsored 2018 Cost of a Data Breach Study conducted by Ponemon Institute, the global average cost of a data breach has now reached $3.86 million. Let’s face facts. That figure includes all of the huge corporations that have been breached.
But recent articles claim that the number is well above $30,000, even for very small businesses. If that figure doesn't encourage you to protect your company's data, I don't know what will. After all, even a $35k unexpected expense could put many small businesses “out-of-business”.
And that figure doesn’t include lost business on-going from customers who don’t trust you anymore. Or the loss of revenue while your “repairing” your network(s).
But you already knew you need to focus on your business and data security, right?
Let's look at a few strategies you can use to protect your business from cyber threats.
1. Use and maintain good antivirus and spyware protection.
This one's simple, but there are companies that just flat out fail on this data security strategy.
Buy an Anti-Malware product. Install it (seems obvious, but doesn’t always happen). Keep it updated.
It's that simple.
There are many good options: ESET, Sophos, Webroot, Malwarebytes and Bitdefender are just a few. If you have a computer, you need antimalware and spyware protection. Oh, and you need to install the anti-malware software on EVERY computer that’s connected to the internet and your networks.
2. Make data security part of your company's culture.
Real, business security depends on two factors:
- You make it a priority, and
- You getting buy-in from your entire staff.
You can establish all of the security policies and procedures you can imagine, but if you don’t get your staff on-board, it’s all just a dream.
Explain why data security and the health of your business go hand-in-hand. Make it clear why data security is vital for every member of the organization. Enroll them in a Security Awareness program.
Some services cost less than $25 per year per employee, but the difference is amazing. Your employees will be able to recognize a phishing attack before they click on that dangerous link.
3. Back your information up.
If your company's computers or mobile devices are hacked, it's not just the financial and personal data that are at risk. You also risk losing all your files and history.
Just take a minute to imagine everything you'd have to do to reconstruct your business if you walked in tomorrow to find files wiped clean. Think of the labor. Instead of kicking yourself for not backing up your information…
Back. It. Up.
Set Word and Excel files to automatically back up to the cloud and you should do regular, system-wide physical backups as well. Best-case scenario, you'll never need that backup.
Backups don’t have to be expensive. There are options from $15 per month to thousands of dollars per month. You need to think about your business-critical data, where it’s located (is it neatly contained in a central location or randomly stored everywhere), how much data do you have to back up, how long can your business run without your critical data and how easily can you confirm your data is recoverable.
All of these factors (and more) go into determining what kind of backups you need and how much it will cost.
If you were to get infected with Ransomwaretody, you'd be glad you took business security seriously.
4. Establish role-based access.
Even if your business is small, you need to think about which employees need and should have access to what information. (Your personnel files, for example, shouldn't be accessible to everyone, and access to bank accounts must be limited.)
Administrator login rights provide easy access to all shares on your network data storage drives, while limited access could prevent a virus or malware from spreading throughout your network.
Don't forget to manage security on devices employees use to access information from home or on the go. Even employee personal smartphone could be the backdoor a hacker needs to get into your business networks.
But there's more to genuine business security than making sure only certain people are authorized to sign checks.
Who has access to IT data? Who can access client information? What parts of your computer infrastructure can each employee password provide access to?
These important questions get at the heart of this strategy. Make sure information and access is available to only the roles that require it.
And one more thing related to access: For heaven's sake, don't forget to change passwords and revoke access for employees who leave the company.
5. Focus on physical devices and remote access.
So you've got amazing security software installed on every computer and server. You've emphasized just how important data security is, and you've got your employees on board.
Don't forget to manage security on devices employees use to access your network data from home or on the go.
Laptops, tablets, mobile phones… Even if they're not company property, if they can get into your system, you need them to be secured.
Take the extra step of purchasing appropriate software for your staff to help ensure your data security is intact.
6. Perform a data risk assessment.
Maybe you think you've got it all locked down. Maybe you're not really convinced you need to lock it down at all. Or maybe you're looking to get buy-in from investors or partners to spend the money on data security.
A data risk assessment can be a valuable tool, identifying vulnerabilities and helping you manage and mitigate risks.
Your business may or may not require a data risk assessment, but if you're on the fence, or having trouble selling the expense for proper business security, then the assessment can be the tool that encourages action.
As a business owner, you shoulder big responsibilities—to your family, your employees (and their family) and possibly even your investors. One of those responsibilities is the security of your company's data.
Protect yourself and your company by taking data security seriously.
If you have no idea how to implement any of these strategies, we are here to help you.
Give me (Don) a call at (636) 542-8653 and we can discuss what kind of help you need.
It’s critical you protect your business from cybersecurity threats. They’re only going to get worse and more sophisticated.
Call TODAY before you get your name in the headlines!