How small businesses should protect their data

How small businesses should protect their data

Larger corporations have invested time and resources in hiring the best IT professionals for their expertise in data protection. This leaves financially strapped small- and medium-sized businesses wondering if they’d be able to compete. The answer is yes, but only if they know how to utilize the right resources that provide the same kind of protection for a fraction of the price.

According to a report by Keeper Security and the Ponemon Institute, 50 percent of small businesses have been breached in the past 12 months, which is why businesses nowadays rely heavily on data storage -- whether in the form of internal solutions or off-site vendors. Losing unrecoverable data results to furious customers, tax disputes, and even legal judgments. Because of these risks, business owners need to implement a strong data protection plan and policies and standards.

The next and probably most important question is, what’s the first step they should take to ensure data protection? Because there are numerous approaches that can address the issue, there isn’t a fixed answer. Nevertheless, it’s vital for business owners to at least have a plan of action that will help ensure data integrity. Why wait around for something to go wrong when you’re capable of preventing it from happening?

Data access hierarchy
The first step towards secure organizational IT policies is to understand that not every employee -- especially newcomers -- should have access to sensitive data. It’s important to restrict full-access or master login to your servers, even for trusted IT managers. You never know when your data can get leaked and who to blame.

Threat sources identification
Business data isn’t exclusive to just written information but also to financial data and human resources data as well. Locating the source of threats is akin to finding a needle in a haystack, which is why the following labels ease the process of identifying potential threats:

  • Unintended disclosure - commonly referred to as “leaks”, this happens when non-disclosure isn’t properly established. This causes staff members to openly share semi-confidential information through social media (most commonly Facebook, but also through fax, mail, letters or phone calls).
  • Hacking and malware - from DDoS attacks to wiping out your data, hackers are capable of bringing businesses to their knees. The latest addition to a hacker’s arsenal is ransomware, where hackers encrypt your hard drive and demand a ransom to decrypt it - if you fail to meet their demands, your data will be gone forever.
  • Lost/stolen mobile devices - whether it be tablets, phones, flash drives, CDs, or laptops, they contain sensitive corporate information that could easily fall into the wrong hands
  • Intended disclosure - individuals or spies that are making a deal with your competitors, deliberately leak vital data from your business to theirs.

The importance of data encryption
Data encryption translates data into another form, or code, only visible to people with access to a secret key (formally called a decryption key). Acquiring data encryption software for your servers and devices might sound like a good idea, but before doing so you need to consider the following:

  1. Is your company prone to hacker attacks? The answer depends on the number of staff you have, your business’s local and international market ranking, and the area you work in.
  2. Do you require portability? If your business relies on a mobile workforce, it’s important to have laptops encrypted. Because, depending on your software, you can make it impossible to decrypt data without the user’s password, a great countermeasure against stealing sensitive information.

Strengthen passwords
The next time you’re reminded to change your password, remember that hackers constantly target passwords and try every possible way to crack it. It’s best to change passwords quarterly to ensure extra protection and using the same password for all sensitive data should be avoided at all costs. Make it a requirement for your staff to set passwords with more than eight characters, including the following items:

  • Upper and lowercase letters
  • Special characters like _ # ! or / (better if done twice through the password)
  • Numbers

Protecting your critical data has never been more paramount, something that can literally make or break your business. By partnering with Complete Technology, we help you maintain the data integrity needed to navigate your business in the right direction - up. For further information, feel free to call or email us anytime!

FREE eBook: The SMB's Guide to Cyber SecurityLearn More Here
+ +