It’s 2019 and data security is no longer something you can push to the back burner. Small businesses are being targeted more than ever and the consequences are disastrous. According to UPS Capital,
- Nearly two-thirds of all cyber attacks are being directed at small businesses.
- Cyber attacks cost small businesses between $84,000 and $148,000.
- 60% of small businesses go out of business within six months of a data breach.
You have so much to lose and it’s critically important to be prepared. Here are 3 simple, actionable ways you can help thwart a data security breach for your company:
Train, Train, Train
“If you train hard…you’ll be hard to beat.”- Herschel Walker
One of a company’s biggest challenges in protecting data is the risk their own employees pose. Most of the time, employees are unaware that their everyday actions can actually open the door to a cybercriminal. That’s why it’s critically important to train your employees on the importance of data security and how they can contribute to keeping your company’s information safe. The more training you give your employees, the less likely they will be to inadvertently expose your company’s data.
Instill in your employees a sense of responsibility for company data. This applies to members on all levels, from the CEO (probably you) all the way down to the most part-time employee. Teach them that not only do they have a responsibility to the data security of the company they work for, but they also have a responsibility to safeguard the information of your clients and employees. Employee training should cover, but not be limited to the following:
Train employees on the importance of creating strong passwords and require them to change them frequently. Passwords should be difficult for others to guess but easy for the user to remember so that they don’t have to be written down. If your business uses many applications that require complex passwords, you might consider investing in a password management tool for your office such as 1Password.
Equip your employees with the knowledge to do if they do experience a data security breach. Make reporting procedures clear and easy to follow. Employees should be trained on how to recognize if their device has been affected (running unusually slow, changes in desktop configuration, unexplained errors..etc.).
Email usage and phishing attacks
Using email responsibly is a key tenant in defending against a data security incident. Train employees to beware of scams and suspicious attachments and that those could be a phishing attempt and an tactic to solicit for personal information that could end up exposing your company’s data.
Let your employees know that downloading unlicensed software on a company computer is not allowed. Because many people download all kinds of things on their personal computers, they may not even think twice about installing a program on their work computer. But, unlicensed software downloads can make your company vulnerable to malicious software and, ultimately, a data security breach.
Put their knowledge to the test
Conduct regular training exercises to ensure your employees can practically apply the data security skills you are teaching them. Try sending out a simulated phishing email and see how many people fall for it.
Reward for compliance
This technique may result in less discipline for infractions. According to the Wall Street Journal, “Companies are starting to take a new approach to get employees to be more vigilant about cybersecurity. Instead of punishing employees when they make mistakes, they’re rewarding them when they do something good.”
Verify Vulnerabilities—Conduct an Audit
One of the best ways to protect your business from a data security breach is to see where your vulnerabilities lay. A great way to do this is to set up a cybersecurity audit. Once you know where the weaknesses are you can develop a plan to address them. The Financial Industry Regulatory Authority (FINRA) has developed a free Small Firm Cybersecurity Checklist that is a great audit tool that helps you hone in on areas where your company’s information is susceptible.
Schedule Software Updates
Software updates always seem to pop up at the most inconvenient time. So, naturally, you ignore them. But, the longer you delay installing updates, the more vulnerable your device is. Software companies provide updates to protect your device from cybercriminals and hackers. By not running the most up-to-date version of a software program, you are opening the door for your device to be infected by malware, ransomware, and other viruses.
Most software companies make it easy to keep your systems updated and protected. Take advantage of the automatic update features. Choose a time that is convenient for you and your office. Installing a huge, hour-long update at 2pm on a Wednesday is probably not the most productive use of you or your team’s time. Opt instead to have your devices automatically install updates outside of business hours, like in the middle of the night. That way, when you come in the next day, your software will be running the latest version and you will have minimized your vulnerability, and you (or your employees) won’t have to ignore those annoying reminders to keep updating your software.