Cyber security is quickly becoming one of the fastest growing crimes in not only the United States, but the world. So much so, that there are entire insurance companies who do nothing but handle insurance related to Cybersecurity. As we fast forward into the future, these types of crimes will only get worse. As business owners, the threat of cyber attacks used to be something only big corporations needed to deal with. After all, who targets the local “mom and pop” business? The reality is, the most targeted group of business’s in the United States is small “mom and pop” businesses. Why? Because they know that most small main street America businesses don’t take the steps necessary to protect their client’s data, making them an easy target.
While this is not meant to be an exhaustive article on Cyber Security, I do want to mention a few tools and tactics to look at when trying to protect yourself and your client’s data.
FIRST, Limit access to certain data to specific job roles with in the company. Only allow team members to access the data that is necessary to perform their job duties. In addition, it is best to limit employees access to outside sources from company computers, and do not allow them to download software on to company computers without written permission from management.
SECOND, as much as we all hate to say it, Multifactor Authentication is here to stay. Nope- it’snot going anywhere, and it will only become more restrictive. Company’s should require employees to change their passwords on at least a quarterly basis, and create unique passwords. Team members should also not use the same password across multiple types of software platforms.
THIRD, Keep a backup of business data. While it’s best to have data backed up in real time automatically, at least back up data on a weekly basis. This will help minimize the impact of a loss should you be the victim of a cyber security attack. It is also best if you can store the data offsite or in the cloud. Do not limit your storage to just customer data, but include items such as employee personnel files, financial data, accounts receivable and any other private information.
FOURTH, Train team members on your written security procedures, and have them sign off that they have read them and understand them. Make sure to outline what employees should do if they notice a breach in the company’s cyber security, and what steps they should take to mitigate further damage. This is also a good time to let employees know of the consequences for violating the company’s cyber security policy.
FIFTH, Always protect your computers and business operating systems with antivirus software, and make sure that there is a written procedure requiring everyone to update it as required. Another option that many small business are starting to use is computer tracking software to see exactly what employees are looking at on company time. This can help cut down on the company’s exposure to harmful websites that may or may not be related to business items.
SIXTH, protect your WIFI’s Service Set Identifier (SSID) if you are utilizing WIFI. This is your Network Name, and you want to make sure that you are not broadcasting it to people. Always make sure that your router is password protected and that you do not allow third-party people to access your WIFI.
