For small business owners, protecting the integrity of the information we collect on customers is important, if not only for the sake of our brands and our bottom lines. Look no further than Ashley Madison headlines to understand the serious repercussions businesses experience by compromising sensitive customer information. Of course, more than protecting the image of our businesses, we’re actually required to do our due diligence by law with data regulated by either HIPAA or SOX.
Still, despite our best intentions, recent headlines suggest that data is vulnerable, especially for small and medium-sized businesses. While large companies can afford to invest in advanced information security, small businesses tend to lack the education and technology to properly protect data.
I sat down with Ebba Blitz, the CEO of Alertsec, a company that set out to bridge the gap in small business data protection by providing SMBs with the same level of IT security as enterprise customers. According to Blitz, here’s what small business owners need to know about protecting sensitive data.
Passwords aren’t enough
While all companies are required to protect personal customer information, the lengths they go to preserve data are highly variable. Many small business owners believe that by password-protecting information, their job is done.
According to Blitz, however, password protection is not enough. Unless information is encrypted, if someone gains access to a device they can access your data.
“Most users save their usernames and passwords in the browser so we also must remember that any document or file that we work on in the cloud leaves traces on your device,” says Blitz.
Device theft is more about data than property
A few years ago, laptops may have been stolen because the laptop itself was valuable. Now, it’s the data that is sought after. While there is finite value in what you can get for a laptop, the value of data is boundless when you consider all the financial gains someone with your data can access: filing bogus tax returns, insurance fraud, and falsifying credit card applications, to name a few.
According to Blitz, there is a market for your data on the Dark Web. Consider the impact if this becomes a problem on a large scale.
“If sensitive information is lost to crooks, the entire system could break down – we will have to find a new way to identify ourselves,” says Blitz. “We are not there yet, we are not close to there yet, but it does need to be addressed right now.”
Third party contractors can create vulnerabilities
An often-overlooked part of IT security is the added complication of third-party contractors. We used to be confident that large companies that we do business with were taking care of us. According to Blitz, that’s simply a false sense of security.
“The workplace is more integrated and professionals are more specialized which makes companies more dependent on contractors. This is the trend in business. Data security used to be in the interest of really large companies, but that’s not the case anymore because large companies work with small companies. Anyone that shares data with anyone else needs to look at their IT security,” says Blitz.
In this scenario, hackers are very clever. They have a go-to-market strategy regarding how to commit IT fraud. In response to demand, crooks are getting smarter. Fortunately, so are the good guys.
“So far we have been able to keep pace, but everyone needs to pull their load,” says Blitz. “If everyone had a complete IT security chain, there wouldn’t be anything for these crooks to get.”
Understanding the role we play in data security -- as small business owners, subcontractors, and even established firms -- allows us to take control of sensitive information and stave off potentially detrimental breaches. When we work together to maintain the integrity of our data by encrypting information and understanding the risks associated with device theft, we take the power away from those hoping to gain from our lack of infosec knowledge.