Security matters, and to say that breaches are detrimental to any business is an understatement. Beyond the financial cost of resolving the incident, a damaged reputation is difficult to overcome, and customer trust is tough to regain once personal information has been compromised.
To prevent IT breaches, security measures must meet the regulations set forth by federal and state laws and by industry organizations. For example, all businesses that accept credit card payments must comply with Payment Card Industry (PCI) standards to process those payments securely and keep their customers’ information safe. Privacy guidelines also govern emails, personal data and other types of information that must remain secure.
Often due to a lack of time and resources, it seems impossible to keep up with all the latest threats and industry regulations, let alone manage the massive amounts of data a small business generates. From making small mistakes or oversights to defying company policies, small business owners and employees put their company and their customers’ information at risk every day.
Slick Cyber Systems helps small businesses recognize problem areas. Below are some of the top security mistakes that leave small businesses vulnerable to breaches and compliance audits, along with tips to help keep small businesses and their customers’ information secure.
1. Ignoring IT blind spots
In small businesses, technical expertise is generally not deep. The people in charge of protecting data are often performing other job functions in the company. When your staff lacks expertise in a given area, it is important to invest in regular security health checks with subject matter experts to ensure each solution you have in place remains optimally configured and operating at peak performance.
2. Somehow thinking your size makes you immune
We hear it all the time: too many small companies believe their size means they are immune to break-ins, IP theft or other issues; they may feel only bigger organizations will be targeted. This leads to a piecemeal security solution put together from cheap products and freeware, with no way to consolidate the information. Always take precautions and take threats seriously.
3. Not checking your work
Your work may benefit from a second perspective. Having your work reviewed by a second set of eyes, be it from a colleague or a consultant, can help avoid simple errors and help protect your business.
4. Viewing compliance as a “checkbox”
PCI, the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and other regulations are not just items to cross off your list. Get out ahead of audit findings and implement industry best practices; an IT professional services provider like Slick Cyber Systems can help identify these for you. Nothing ruins your week like tracking down lost data or its root cause. Security is a mindset and a responsibility; view it as such, not as a chore or a distraction from your daily tasks.
5. Not enforcing an employee security policy
Small businesses often do not enforce security policies on their employees. In any business, employees are likely storing customer data, and a stolen laptop, lost smartphone or even a prying eye can lead to the wrong people obtaining your IP or customer data without your knowledge. Be sure to create a policy, if you do not have one currently, and enforce it on all employees, including the executives.
6. Ignoring staff education
A lack of training can lead to avoidable incidents. Make sure your IT staff receives training about the products they work with, no matter their prior knowledge. And be sure to provide time and financial resources to help keep them up to date. Personnel training can provide a large return on investment (ROI) and help avoid incidents that could damage your business and reputation.
7. Using the same passwords again and again
Every company should strive to have some guidelines and standard operating procedures around the use — and reuse — of passwords. Employees should be aware of the issues that may stem from the use and reuse of weak passwords. Put a password manager such as LastPass, KeePass or RoboForm in place to generate a random password for each new account that is created and to keep track of each password. Change passwords for critical resources every 90-180 days, and enforce complexity rules such as a minimum number of characters and alphanumeric requirements.
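The three rules in this tip (complexity, no reuse, periodic rotation) can be turned into a small policy check. The script below is an added example written for this article, not a tool from Slick Cyber Systems or from any password manager; the 12-character minimum, the 5-entry reuse history and the 90-day rotation limit are assumed values chosen from within the article's guidance, and the salt and sample passwords are constructed for the demo.

```python
import hashlib
import secrets
import string
from datetime import date

# Policy values: the article calls for a minimum length, an alphanumeric
# requirement, no password reuse, and rotation every 90-180 days.
MIN_LENGTH = 12       # assumed minimum; the article gives no specific number
MAX_AGE_DAYS = 90     # lower end of the article's 90-180 day window
HISTORY_SIZE = 5      # assumed number of previous passwords remembered

def meets_complexity(password: str) -> bool:
    """Minimum length plus the alphanumeric requirement (letters and digits)."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

def generate_password(length: int = 16) -> str:
    """Generate a random password, as a password manager would, until it passes policy."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_complexity(candidate):
            return candidate

def fingerprint(password: str, salt: str) -> str:
    """Salted PBKDF2 digest so the reuse history never stores the passwords themselves."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 100_000).hex()

def check_password_change(new_password: str, history: list, salt: str) -> list:
    """Return the policy violations for a proposed change; an empty list means it is allowed."""
    problems = []
    if not meets_complexity(new_password):
        problems.append(f"must be at least {MIN_LENGTH} characters with letters and digits")
    if fingerprint(new_password, salt) in history[-HISTORY_SIZE:]:
        problems.append(f"reuses one of the last {HISTORY_SIZE} passwords")
    return problems

def is_rotation_overdue(last_changed: str, today: str) -> bool:
    """True when a password last changed on the given ISO date is older than MAX_AGE_DAYS."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age.days > MAX_AGE_DAYS
```

Feed `check_password_change` the stored fingerprints of a user's previous passwords and run `is_rotation_overdue` over the account list on a schedule to flag credentials for critical resources that have passed the rotation window.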
8. Letting just anyone on your network
Allowing non-secured personal or third-party computers to connect to your local area network (LAN) can be a big mistake. Make sure any and every computer on your network is secure; you never know whether a client’s laptop is carrying a virus. Clients, vendors and other visitors may request access, but this does not mean you have to allow it. If you do, be certain that you have the proper protections in place so that this practice does not become the cause of a company-wide system outage or security breach.