Last week, we talked about the importance of data security for small businesses and offered tips on how to improve your password security, improve your resiliency against social engineering, and instill security awareness into your employees. Taking preventative measures is essential for any business that wants to avoid the trillion-dollar cost of a data breach. This week, we will continue our discussion on securing the data of both your company and your customers. Regardless of your size, your relationships with your customers are built on trust – specifically, the trust that you will work for their good, not their “bad”. Keeping their data safe and secure is a great way to maintain trust and even improve the trust that your customers place in your company. Events like the Equifax and Facebook data breaches have raised general awareness regarding data security, and being aware of this growing concern as a business will help you take steps to avoid seeing your company in the headlines.
Laptops, phones, and widgets
As a small business owner, you may give your employees access to company information on their personal devices in order to avoid getting them a “company phone” or other expenses. This is a common practice and completely understandable, given the typical expenses brought by providing company equipment. It is worth noting, however, that most people do not properly secure their device, leaving it available to anyone willing to “swipe to unlock.” Though your employees may be careful stewards of company equipment, we are all human, prone to be forgetful when we are in a rush or preoccupied with our busy lives. Securing all devices with access to company data is important in the event that a device is stolen or lost. Mitigate the risk of a company-wide breach by securing your devices, training your employees in security awareness, and testing them on their alertness.
Tips To Secure Mobile Devices
1. Software Updates
Make sure that all employees with mobile access to your company’s data are updating their phones with new software updates as soon as possible. Rather than constantly “skipping it until later”, train your employees to always update their phones to the latest software patches as soon as they can. On a related note, employees with jail-broken or rooted devices should not have company access. If you are unfamiliar with the term, “jailbreaking” a device means that you wipe a device’s pre-installed operating system with another operating system. This is also known as “flashing” in some contexts and is insecure for many reasons. Essentially, it removes the built-in security that the manufacturer initially placed on the phone, making the phone a prime target for criminals. In summary, always update your phone to the latest software update.
2. Locking Devices
If your employees need to have access to company data, make sure that they are locking their device with a PIN or password to impede easy access by a hacker. Also, train them on the art of making a good password that is both memorable and reasonably complex. Whether they use a PIN or passphrase on their mobile phone, ensure that they are keeping company data secure both on and off of the premises.
3. Understanding Limits
If you do issue devices to your employees, make sure that they understand that company devices are for work only, not for personal use. While it may be tempting to use that iPhone XS to impress their friends, mixing their personal and professional contacts on a work device increases your company’s attack surface. In other words, your employees should keep it professional.
Accessing The Internet
As your employees use their company-issued devices to conduct business, they will obviously need to connect to the Internet at some point. The Internet, while opening up a world of opportunities, also exponentially increases your company’s vulnerability to attacks if your employees are not security-conscious. Before granting them company access on their devices, train them in general security knowledge to prevent massive problems in the future.
3 Tips for Staying Safe Online
1. Don’t Use Public Wi-Fi
As they travel to various places, your employees may be tempted to use the public Wi-Fi networks that are available in many outlets and restaurants. Remind them during their training that the public networks are a favorite target of hackers and criminals who “hang around” the network and wait for some juicy tidbit to come through the air. Make sure that your employees only use trusted and secure networks for company business – never public networks.
2. Read Before You Sign
If you use cloud services or third parties in your company, be sure to review the privacy and security policies of that provider before signing any paperwork. Due to their increasing adoption rate, cloud systems have become a prime target for hackers who eagerly rush toward the goldmine. While there are secure cloud storage options, you obviously want to make sure that you are signing up with one of those companies, not their less secure competitors. Similarly, review the privacy policies of any company partners and see if they’re taking the same level of caution as you are with your information.
3. Use Protection
Don’t start squirming, we’re still talking about network security. When your employees are accessing company data, secure their network with a firewall and make sure that antivirus software is installed on the device as well. If privacy is important in your business operations, invest in a good VPN and install it on all company devices. Ensure that your employees’ network access is guarded and protect your company’s data.
Under Lock & Key
We live in a world where paperwork and forms abound while the space to store them shrinks by the minute. As a business owner, it is important that you store your data in a secure environment, safe from prying eyes. Controlling who has access to what information is a great way to keep tabs on information as it flows throughout your business. One way to easily manage access control is to become a paperless company. Storing your forms and paperwork digitally not only allows for access control through software but also allows you to encrypt your data, making sure only you can read it. If you opt for a local option, just be sure that it offers at least comparable security to a cloud storage option. The idea is to control who can access your data while it is not being used in your business operations.
3 Tips for Securing Data Storage
1. Consider Going Paperless
As a company, there are many benefits to going paperless. It’s also quite easy to do, given the enormous amount of software options on the market. Being paperless gives you flexible access to your data while still keeping it secure and safe. Whether you opt for an encrypted cloud storage option or a local storage option, the decision to become a paperless company will not only offer you security, but also allow you to easily manage forms and paperwork in a clutter-free environment.
2. Secure Your Office
Installing locks and keypad codes may seem like overkill for you but it is essential to maintaining your company’s data security. Unless you have a purely online business, the security of your physical location is just as important as your digital security practices. Hiring a top-quality security service and keeping everything “under lock and key” are two steps toward further securing your company data.
3. Encryption Is Essential
Storing your data on a hard drive in a safe is no longer acceptable security, especially in today’s world. If you want to maintain the integrity of your security, make sure that any hard drives or devices are fully encrypted, safe from prying eyes. If you decide to opt for a cloud storage provider, consider opting for a “zero knowledge” provider. The term “zero knowledge” refers to the strong cryptographic processes by which they encrypt your data – to the point that even they can’t read your data. In the event that a “zero-knowledge” provider’s servers are hacked, all the criminal gets is gobbledygook. If cloud storage is not your “thing”, then definitely encrypt all local storage mediums (USB, hard drives, laptops, etc.) with full disk encryption. Making your data unreadable to prying eyes will reduce the possibility that your company is in the headlines.
As a business owner, you understand the importance of staying relevant to customers and keeping an eye out for where there are opportunities to fully address their concerns. Data security is not about being paranoid, but rather about your company avoiding a breach of the trust that your customers have placed in you. As privacy and security concerns become more prevalent, struggles with the question of whether or not to incorporate security measures can be resolved by answering this question: Do you want to make the headlines?