Introduction
Now that virtually every business involves technology, securing that technology and data is an issue for every small business owner.
Small businesses, those with under 100 employees, face especially tough challenges given their limited resources and lack of full time cyber security teams.
Equally challenging is that many of these businesses are transitioning to the cloud. Owners may be concerned with their data being secured when no longer kept at their place of business. Cloud providers claim a high level of security, but it may cause the owner sleepless nights of worry.
Here are some ways to improve your online security and keep your small business protected.
Risks with regular internet usage
One of the greatest risks is still the most common issue. The simple liability that comes with employees or management using the internet for many aspects of their jobs raises a host of issues that must be addressed.
Are your employees trained to recognize phishing emails or other online threats?
Basic web security steps can often be overlooked or neglected in a small business that is focused on surviving in a competitive business landscape. However, regularly practicing safe online security can help any business weather the issues of online security. In fact, business owners should incorporate online security into their overall business plan, continually revisiting it because one breach can ruin a business or its reputation.
Data encryption and work device boundaries
Stories occasionally crop up where a work computer was misplaced or stolen, putting a huge block of business data at risk. Often this data is not protected according to company policies. The company, of course, thought that every employee was following company procedures.
Online security goes beyond just having a proper firewall or employees who can spot phishing, it also transcends into the offline realm. Your business needs to devise and implement a clear policy on how work devices such as laptops and cell phones should be used outside of the designated workplace.
Proper security measures such as the use of secure VPN login servers and data encryption are crucial to allowing employees the freedom to work remotely, while ensuring the safety of crucial company data.
Random and frequent checks should be conducted on company owned devices to ensure all employees are following the protocols set out for encryption and other security measures. Establishing your online security plan is not enough, it needs to be implemented and then constantly verified.
Limitations and separation of online access
Just as the reasoning of proper internal controls protect financial assets of the company, so should the access of the internet be controlled.
Consider each employee's role individually and decide what the minimum access they require to perform their job is. Maybe an individual does not need to install any new programs because they simply edit the website's blog posts, negating access to other internet activities.
Perhaps your Human Resources generalist needs access to databases with employee information such as health insurance or 401k contributions but does not need access to the customer sales software you use.
These types of limitations may seem neurotic or a feature of a business who does not trust their employees. However, they are simple and practical steps that can be taken at a low cost to improve the security of data or online business activities without hurting productivity.
What products are right for my business?
At very minimum, most small businesses need a few products. These include a firewall, of which there are hundreds of options available to a business owner.
Also important is a data backup solution. If the code of your website is infected and you need to restore the website to a previous state, this information should be stored somewhere different then the primary code.
If your business uses a cloud solution, it would be a good idea to back those files up on another cloud solution or even with a physical solution like an external hard drive.
Depending on your business, encryption software may be essential as well. If you handle any kind of customer data that is sensitive, encryption is necessary to protect their information safely and securely.
Lastly, becoming more popular is a two-step authentication solution. This may mean that your employees have to do something other than type in a password to access their work. The options available include fingerprint technology, receiving a text to their phone, or a wireless token that sends a randomly generated code that must be entered within 30 seconds. This two-step authentication process prevents a lost or stolen password from allowing non-authorized personnel to have access to data.