8 Security Habits Putting Businesses at Risk

Security breaches are detrimental to any business. In addition to the financial costs involved, a tarnished reputation is difficult to overcome — and customer trust is undoubtedly tough to regain once personal information has been compromised.

To prevent breaches, security measures must meet all sorts of regulations, such as those set forth by federal and state laws and by industry organizations. For instance, all businesses need to comply with Payment Card Industry (PCI) standards to securely accept credit card payments and keep their customers’ information safe. Privacy guidelines also govern emails, personal data and other types of information that must remain secure.

Nonetheless, no small business is perfect. Due to a lack of time and resources, it seems impossible to keep up with all the latest threats and industry regulations, let alone manage the massive amounts of data a small business generates. From making small blunders to defying company policies, small business owners and employees put their company and their customers’ information at risk every day.


To help small businesses recognize problem areas, Sarah Isaacs, CEO at Conventus, an information security consulting firm, and her team outlined the top security mistakes that leave small businesses vulnerable to breaches and compliance audits. Included below are several tips to help keep small businesses and their customers’ information secure.

1. Ignoring blind spots

In small businesses, technical expertise is generally not deep. Rather, the folks in charge of protecting data are often performing other job functions in the company. If your staff lacks expertise in a given area, it is important to invest in regular security-health checks with subject matter experts to ensure each solution you have in place continues to remain optimally configured and operating at peak performance.

2. Thinking your size makes you immune

Many small companies believe their size makes them immune to break-ins, IP theft or other issues; they may feel only bigger organizations will be targeted. This leads to a piecemeal security portfolio put together from cheap point solutions and freeware, with no way to consolidate the information they produce. Don’t think it won’t happen to you; always take precautions and take threats seriously.

3. Not checking your work

Just as a writer’s work is reviewed by an editor, your work may benefit from a second perspective. In one instance, an administrator at an oil and gas company manually input a policy that included a typo. This left a huge hole, which was open and susceptible to attack. Having your work reviewed by a second set of eyes, be it from a colleague or a consultant, can help avoid simple errors and help protect your business.

4. Viewing compliance as a “checkbox”

PCI, the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and other regulations are not just points to cross off your list. To get out ahead of audit findings, implement industry best practices such as those set forth by the Center for Internet Security (CIS), the SANS Institute or even Microsoft Hardening Guidelines. Nothing ruins your week like tracking down lost data or a root cause, so embrace a security mindset and view it as a responsibility, not a chore.

5. Not enforcing an employee security policy

Few small businesses enforce security policies on their employees. In any business, employees are likely storing customer data, whether they are aware of it or not. A stolen laptop, lost smartphone or even a prying eye can lead to the wrong people obtaining your IP or customer data without your knowledge. Create a policy, if you do not have one currently, and enforce it on all employees.

6. Ignoring staff education

Whether your staff comes to you with a strong security background or is forced to “learn on the fly,” a lack of training can lead to avoidable incidents. No matter their prior knowledge, make sure your IT staff receives training about the products they work with, and be sure to provide time and financial resources to help keep them up to date. Personnel training can provide a large return on investment (ROI) and help avoid incidents that could damage your business and reputation.

7. Using the same passwords again and again

Every company, small or large, should strive to have some guidelines and standard operating procedures around the use — and reuse — of passwords. To mitigate the risk of successful password guessing and cracking in their environment, employees should be aware of the issues that stem from the use and reuse of weak passwords. Put a password manager such as LastPass, KeePass or RoboForm in place to generate a random password for each new account that is created and to keep track of each one. Change passwords for critical resources every 90-180 days, and enforce complexity rules such as a minimum number of characters and alphanumeric requirements.
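The rules in this section (minimum length, letters plus digits, no reuse, rotation every 90-180 days) as a small Python policy checker. This is an added example, not code from the article or from Conventus; the 12-character minimum, the PBKDF2 hashing of the reuse history and the history format are assumptions.

```python
import hashlib
import hmac
import os
import re
from datetime import date
from typing import List, Optional, Tuple

# Rotation thresholds are the article's 90-180 day window; MIN_LENGTH is an assumed value.
ROTATE_AFTER_DAYS = 90
ROTATE_HARD_LIMIT_DAYS = 180
MIN_LENGTH = 12

# History entries are (salt, digest) pairs so that no plaintext password is ever stored.
HistoryEntry = Tuple[bytes, bytes]


def hash_password(password: str, salt: Optional[bytes] = None) -> HistoryEntry:
    """Salted PBKDF2-HMAC-SHA256; returns the (salt, digest) pair to keep in history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def was_reused(password: str, history: List[HistoryEntry]) -> bool:
    """True if the candidate matches any previously used password in the history."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_complexity(password: str, history: List[HistoryEntry]) -> List[str]:
    """Return the list of policy violations for a proposed new password (empty = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"\d", password):
        problems.append("must contain both letters and digits")
    if was_reused(password, history):
        problems.append("reused from password history")
    return problems


def rotation_status(last_changed: date, today: date) -> str:
    """'ok' inside the 90-day target, 'due' between 90 and 180 days, 'overdue' past 180."""
    age_days = (today - last_changed).days
    if age_days > ROTATE_HARD_LIMIT_DAYS:
        return "overdue"
    if age_days > ROTATE_AFTER_DAYS:
        return "due"
    return "ok"
```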

8. Letting just anyone on your network

Clients, vendors and other visitors may request access, but allowing non-secured personal or third-party computers to connect to your local area network (LAN) can be a big mistake. Make sure any and every computer on your network is secure; you never know if a client’s laptop is carrying a virus.

Originally published on BusinessNewsDaily
