Not only can lapses in security negatively impact your bottom line, but they can also potentially run your business into the ground. Approximately 60% of small businesses that are hit by a cyberattack go out of business within 6 months.
No matter how big or small your business is, you need to take the necessary step to ensure its security on the internet.
Any Website Can Be a Target of a Cyber Attack
The biggest reason a company becomes a victim of a cyber attack is complacency. Don’t make the mistake of assuming that your business is too small for cybercriminals to bother with.
In a hacker’s mind, “small” equals easily exploitable. Cybercriminals prey on small businesses that don’t have a large department of IT experts and an unlimited security budget. Consider cyberattacks to be inevitable.
There should be at least one employee who is in charge of network security. It doesn’t necessarily have to be a full-time role—as long as the person who is tasked with setting up the security systems makes an effort to stay current on potential threats.
Moreover, they need to stay on top of practices and development implementations that will keep your website and business data safe. These can include ensuring your site has an SSL certificate and that it is installed correctly, or making sure your business is following file and folder permission best practices.
Train Employees in Security Principles
Having one employee that will be in charge of security is key, but it’s not enough. To ensure you will have a secure network, you need to establish security practices, processes, and policies for everyone.
After you establish appropriate internet use guidelines and processes, you need to make sure every staff member is aware of them. You need to train your employees on how to handle vital data and detail penalties for violating the business’ cybersecurity policies. For instance, many companies don’t allow their employees to use the office internet for personal matters.
Most developed countries have laws (such as CCPA and GDPR) that oblige companies to protect customer information. You are responsible for providing your employees with the tools they need to protect customer data as well as keep your business secure on the internet.
Let’s say a customer has requested that you delete their personal data. There should be a specific process your employees should follow in order to carry out this request.
For instance, the process can detail what exactly constitutes personal data according to GDPR (current living situation, biographical information, medical history, looks and appearance, etc.) so that the employee can know what specific information they need to remove.
Each time you add a new feature to your website or smartphone app, you need to take into account the security risks that come with it and convey them to your employees. Moreover, you need to teach them how to mitigate those risks.
Let’s say you have a smaller car insurance business and have decided to add an AI-powered insurance bot to your website to help customers file claims. You need to consider their privacy concerns. How will the chatbot conduct user identity authentication and authorization? How will it protect users’ data?
To make sure everything goes as planned, you and your employees may need to carry out a proof of concept exercise (POC) before you launch the new feature. To lower the risk of rogue implementation of the digital assistant, employee training is key.
Clean and Update
Cybercriminals scan sites and networks in search of outdated software. Older versions of software may have vulnerabilities that they can exploit.
Updates are key to keeping your software and hardware relevant, and yet we often overlook them. If you tend to forget to install the latest security updates, you can set improvements and patches to automatically update in the background.
If a program doesn’t ofter automatic software updates, set a reminder to check for updates and update the program as soon as you see that there are updates available.
Employ Best Practices on Payment Systems
If your business has stored a vast amount of sensitive information online, working with online banking processors or systems can be risky. Make sure to use the most validated and trusted payment forms and tools or use a software that provides the security measures you need, taking this “task” off your plate.
You should isolate your payment system from other programs. If you are not that tech-savvy, this is easier said than done. This is another reason why using good payment processing software is important.
It’s best to choose software that processes payments through its own secure server.
Moreover, you should only use software that is PCI compliant. Depending on your agreement with your processor or bank, you may have additional security obligations. Make sure you know what they are.
Be Smart About Smartphones
As mentioned, it’s important to have a clear internet use policy in the workplace. However, since a landline and a desktop computer are no longer enough for a solid day of work, enforcing a straightforward internet use policy isn’t as easy as it used to be.
Most of us carry around smartphones, flash drives, tablets, and laptops. All of these devices are a security nightmare. When used for personal reasons, networked smartphones are an online security hazard.
Lost business phones are also a significant concern. If a smartphone that’s used to conduct business ends up in the wrong hands, you can expect a cybersecurity disaster.
At the very least, provide your employees with smartphones they will use solely for business. Make sure every business phone in your company has whole-disk encryption software, password protection, and a remote wipe app. So, if a business phone gets stolen or goes missing, you can erase all the data and prevent anyone else from accessing it.
Updating or changing passwords from time to time is one of the simplest ways to keep your business secure on the internet.
You can ensure every computer in your office is safe and protected by requiring staff members to use strong passwords and change them every 3 months.
Length isn’t the only key aspect of a strong password. To create a unique password, you need to include a mix of symbols, numbers, as well as upper and lower case letters. It should not include dictionary words and ties to personal information. It’s also a good idea to implement multi-factor authentication for every account.
Dispose of Data Safely
You can’t just throw out outdated laptops and smartphones in the trash and call it a day. Whether you plan to get rid of a piece of equipment or repurpose it for another employee, you need to completely destroy all the data.
Manually clicking delete on every file and emptying out the recycling bin won’t cut it, and destroying the computer with a hammer isn’t the most sustainable option.
Use wiping software to remove all the sensitive data from the computer. Instead of simply deleting the sensitive files, the wiping software will replace all the information with randomized characters.
Then, you should use a degausser to demagnetize the hard drive. Finally, you should physically destroy it with a hard drive shredder. The process isn’t as fun as hammering the whole thing down, but it is much more effective.
Be Clear on the Terms of Service
Whether you are signing an agreement with a client or hiring the services of another business (such as a cloud provider), you need to be very clear on the Terms of Service (TOS).
When it comes to ToS agreements you have your clients sign, you should lay out what your company is doing to protect their data.
However, in order to protect your business, it is equally important to state what responsibilities regarding the protection of their data do not fall onto you. Moreover, the ToS agreement should highlight the role the client has in protecting their own data.
The TOS agreements you have with the businesses you hire should also be very clear when it comes to matters of security.
Let’s say you want to hire a cloud service provider. The TOS should detail where the data will actually be physically stored, what happens to the data if the contract is terminated, and what specific steps the provider will take to protect your data.
Michael has been working in marketing for almost a decade and has worked with a huge range of clients, which has made him knowledgeable on many different subjects. He has recently rediscovered a passion for writing and hopes to make it a daily habit. You can read more of Michael’s work at Qeedle.