Small Businesses Get Hacked, Too: Security Musts
If you’re a small business with, say, a dozen or fewer employees, you probably don’t have a dedicated Information Technology (IT) specialist on your staff. Managed IT – outsourced IT that monitors your networks and does needed maintenance – is an option, but that can be an expensive budget item, too.
Still, you need to protect yourself. Some data thieves target small and midsized businesses, believing that they’re easier prey than major corporations.
One intrusion that exposes your own and your customers’ financial and personal data can force you to close your doors for good. So do everything you can, even if you can’t afford third-party or full-time help.
Be vigilant about updates. Operating systems and major desktop applications all need to be refreshed as soon as updates are available. Updates often contain not only bug fixes and enhanced features, but also solutions for known security issues.
Consider paying for at least one consulting session with a security expert. Make attendance mandatory for all employees; security awareness should be a company-wide effort. Stress frequent password changes. Encourage staff to be aware when someone might be viewing their screens over their shoulders.
Know that an intrusion may come from within your ranks. Do background checks before hiring, especially on anyone who will have access to financial data. Cross-train staff if you can so that irregularities are detected. If you’re using an accounting application, make use of its user permission settings.
You obviously trust your employees or you wouldn’t have hired them. But a lot of fraud does come from within. A disgruntled employee can copy a lot of sensitive data onto a USB drive. So keep news about impending layoffs and firings as confidential as possible. And as heartless as it sounds, do have a senior manager accompany any employees who are relieved of their jobs back to their work areas, and then escort them out of the building after they’ve packed.
Protect your networks. What one employee “gets,” the rest will, too. There are a number of measures you can implement to stop an electronic epidemic before it starts.
- Curtail global access to websites. This is a tough one. Malware and viruses often slip in via mobile apps, malicious websites, and email attachments. Before so much work was done in the cloud, some companies used network software to restrict workers to only specific websites. Such solutions still exist, but this is kind of a draconian measure. So make it a firmly stated policy, one that has consequences if an employee brings in a threat due to careless use.
- Use state-of-the-art malware and virus protection solutions. Don’t skimp on these critical applications, and make sure that your staff implements them on mobile devices. Get recommendations from your advisor and from expert reviewers.
- Consider monitoring software for local networks that will alert you to problems and help you track them down.
Your cloud-based solutions are not immune to intrusions, but they have teams of security experts backing them. Try to be as attentive as they are to your own earthbound applications and data.