A 2012 survey by the Ponemon Institute found that 55 percent of small businesses had experienced at least one data breach in 2012. 53% had multiple breaches. While I find this percentage alarming, I am not surprised. Today, technology has evolved to a point where many small businesses now use cloud-based applications to store and share company data. They have employees bringing and storing information on their personal devices. There has been a complete assimilation of social networks into almost everything - employees and customers are sharing more information than ever online and to a worldwide audience. These practices are making small businesses more susceptible to data loss and breach.
As a small business owner and one who works with a number of small businesses, I understand the limitations that small businesses face when it comes to implementing cyber security and protecting company data. In May 2013, CSID conducted an omnibus survey that asked small business owners from around the country what barriers kept them from focusing on cyber security. Nearly a quarter responded that they don't have the budget. 17% said that security issues are evolving too quickly to keep up. Interestingly, 43% stated that they were comfortable with their current security measures. This tells me that many small business owners aren't aware of the risks the business faces and the impact that data loss can have on a company.
Cyber security can be overwhelming and when you have to worry about all other aspects of running your businesses, it is often overlooked. Yet there are many things a small business owner can do to protect their information that don't take a lot of time, money or manpower. Consider the following.
1. Educate and monitor employees: The majority of data breaches are caused by human error - an employee loses a USB stick with sensitive information or uses a company credential like an email address or password on another website. Educating employees on general security issues like password best practices and avoiding malware is probably one the easiest and most effective ways to reduce the likelihood of data breaches. The National Cyber Security Alliance, www.staysafeonline.org, has materials and information on employee education for small businesses owners looking for help.
2. Create a security policy: Another way to address the human error is to take the guesswork out of cyber security for your employees. Create a plan that spells out what employees can and can't do when it comes to security. If your company lets employees access company information on their personal devices, require them to make their devices password protected. Ask employees to change their passwords every six months and require that they not use company credentials on other sites. Getting your employees onboard with a security plan can help protect the business.
3. Work with third party vendors: Many business owners don't realize that the vendors you work with can put your business at risk. If you're planning to store company information in the cloud, work with a cloud provider that has a reputation for security. If you use any online systems that let employees access company information, see if the system provider offers two-factor authentication. Taking a close look at the vendor's security upfront can help avoid data loss down the line.
4. Keep an eye on your credit reports: Similar to how you keep an eye on your personal credit report for unwarranted activity, you need to do the same with your business' credit report. There are a number of inexpensive products available that can help with this and send you an alert if there is suspicious activity on your report.
5. Only collect and store data that you need: This one is a simple tip shared with me by Chuck Gordon, CEO of SpareFoot and small business owner. The way Chuck limits the risk of breach within his company is to simply not collect and store information beyond what is absolutely necessary. Don't collect a phone number if you don't plan to call the customer. Don't store credit card information if it can be avoided. If you collect it, you have to protect it.
As small businesses become a growing target for hackers and as our online systems become more complex, adopting measures to protect sensitive information and the health of the business is of the upmost importance. The above are tips that small business owners can adopt that bypass barriers such as limited budget and a confusing cyber security landscape.