How to protect your small business from a Data Breach -
It seems that the business world has been plagued by data breaches over the last year and if recent Sony Pictures hack is any indication, it's not likely to change anytime soon. As a result of these flaws, companies and customers alike back what mistakes were made and wonder what we could have done better. Although violations that make the news are those that hit large companies - such as Target, JPMorgan Chase and community health systems - thousands of small businesses are just as (if not more) vulnerable to malicious attacks. If you own a small business, you may be wondering what can be done to help protect your business to share the same fate. After all, a large retailer might have the money in hand to mitigate the damage caused by a major data breach, but a mom and pop store probably will not.
Small businesses are the main targets of the pirates
according to a survey conducted in 2013 by the Ponemon Institute, which searches independently privacy policy, data protection and security of information, the majority of small businesses do not have the resources or knowledge to protect against attacks. A third of respondents to the survey did not know whether or not they had been attacked cyber during the past 12 months - and nearly 60% admitted not having adequate computing experience. Hackers know that small businesses are generally not equipped to deal with an attack - or even realize we spent - making it perfect targets. For each violation of major retailers, we hear, thousands of small commercial offenses occurred and largely unnoticed, except by fairly unhappy customers or businesses to suffer the consequences of having their data stolen.
What are the consequences of a data breach?
Like the Sony breach has shown, the consequences are almost limitless. Depending on how much and what type of data is compromised, all of the customer information - credit card numbers, home address, phone numbers, etc. - The conduct of sensitive cases may fall into the hands of criminals bound and determined to do their worst with the information. Companies run the risk of losing the confidence and support from clients and face lawsuits from employees and customers based on this type of data is lost. Companies like Target can afford to offer customers protection against identity theft charge to all affected customers and promise to pay for financial damages, but many small businesses do not have that kind of money . A data breach could sound the death knell for a total small business.
How small businesses can protect themselves?
1. Train and educate your employees about data security. To protect your data, it is important for your employees to be informed about how to treat it. Creating protocol on sharing, synchronization, and other use of company data that your employees are trained and should follow to help minimize confusion in this area. Many employees may not realize, for instance, the connection of their personal cell phone to the corporate network makes the company vulnerable to any malware that might be on their phone. The policies require personal cell phones while off wireless office and some security settings activated can go a long way. Lax safety, especially as regards connections, is another area where employees need additional training. Discuss the importance of creating passwords, and to institute mandatory password changes for computers, e-mail and other important accounts on a regular basis.
2. Use a cloud backup service to manage data. When employees use personal backup or synchronization services with business data, you open your company to the possibility of a violation. Many cloud backup services offer business plans at great prices that allow you not only to store sensitive data of your business, but you can add individual user accounts so that employees can save their computers as well. Some services such as Carbonite - our first choice - even offering to back up your servers for an additional cost. Using the cloud backup means that employees can share files safely and securely with each other.
3. Keep separate work and personal. When the data leaves your company, you can not control where or how it could become accessible to others. If you allow employees to work from home computers, install programs to monitor that only work done on them. Your employees use mobile devices emitted business? Make sure you train them to never connect to unsecured Wi-Fi networks on the road. Connecting a computer or mobile device to an unsecured Wi-Fi network leaves completely vulnerable to attack. Some unsecured networks are set up by scammers with intent to steal data from computers or devices that unsuspecting people connect to these networks.
It is also wise to consider blocking social media and other sites as billboards in your office network. malicious links posted on social media constantly, and one click could open your entire computer network to a host of problems - including data theft. If you allow your employees to use social media, be sure to install an Internet security software on each computer used by your company. These programs are designed to block and destroy malware, among other protections. Most antivirus software services offer commercial versions of their software, or group discounts for companies looking to protect all of their employees.
4. Have an "exit strategy" for when employees leave your company. A good example to explain why this is necessary is the recent exposure of Deloitte salary information in Sony Pictures Hack. While Deloitte was not hacked the company, the attack resulted in Deloitte files being lifted from the computer of a Sony employee who worked in human resources at Deloitte. If this person had been trained in the proper disposal of all Deloitte data (and if the company's data had been more closely monitored), this may not take place. If employees have knowledge passwords on shared accounts, be sure to change these credentials when an employee leaves the company.
Ultimately, cyber attacks will occur. Take as many steps as you can to protect your company and your employees vulnerability is the best way to minimize the risk of an attack with serious damage.
0 comments:
Post a Comment