5 Steps to Protect Data at a Small Business
July 23, 2019 by Bill Rosenthal

Data protection is more important than ever today for small businesses. Large corporations and governments were once the favored targets for hackers but those days are gone. The availability of hacker starter kits, easily purchased on the dark web, has given rise to a new breed of hacker who, while not as tech savvy, can cause just as much havoc.

These new hackers don’t attempt to breach the cyber defenses at Microsoft or Marriott. Those companies have armies of highly trained cybersecurity workers having learned their lesson from previous breaches. Today’s hackers are increasingly targeting smaller businesses and institutions who are lucky if they can afford one full-time cybersecurity person.

There are, however, some simple steps a small business can take to make their cyber defenses stronger without breaking the bank.

1. Conduct a Data Inventory

What kinds of sensitive data do you need to protect? Do you have customer data – credit cards, social security numbers, addresses, medical information – as well as sensitive employee information like payroll and bank account data?

2. How is your Data Protected?

It would be simple to protect your sensitive data if it all resided on one computer that was never connected to the internet or another computer. If, like most businesses, however, your data is shared on a network, there are several questions you need to ask. Who has access to that data? How is it accessed?

3. Develop a Privacy Policy

Trust between a customer and a business takes years to develop but can vanish in the time it takes a hacker to dump your sensitive data online or, as is becoming increasingly common, lock up your network with ransomware. Create a privacy policy, stating the information you collect from customers, what you do with it and how it is protected.

4. Create Layers of Security

Don’t just rely on passwords to protect your data. You are giving the hacker only one lock to pick before he can access your most sensitive information. Establish layers of security where access to the system is limited to what people need to know. Consider prioritizing your data into categories like “internal use only,” “sensitive,” and “highly classified.”

5. Encourage Everyone to Report Losses Quickly

Embarrassed or upset over a security lapse they caused, it’s perhaps understandable that an employee or contractor would want to hide it. This attitude can cause untold damage. Not only does it leave the problem unresolved, it leaves the door open for hackers to wreak even more havoc. Encourage everyone, staff and contractors, to report breaches immediately.

Our CyberSAFE training certification program is aimed at helping non-tech employees learn to spot common cybersecurity risks. Learn how you can make your workers the first line of defense here.