In 2018, hackers stole nearly half a billion consumer records with sensitive personal information. This statistic was up 126% from 2017. Many small businesses think they are too small to attract hackers looking for this information. But more than 43% of cyber attacks are targeted towards small businesses. For this reason, small business leaders must prioritize data security.
Unfortunately, that’s often not the case. We’ve lost count of the business owners we’ve worked with who are making critical data security mistakes without realizing it. Here are the four most common errors we see and recommendations from our experts to correct them.
Improper Cloud Strategies
Many business leaders have been led to believe that simply moving to the cloud guarantees data protection. While this can certainly be the case, the cloud is not an impenetrable fortress. It is critical to be cognizant of how your data is being protected, especially if you’re using a public cloud provider used by other companies. Software as a Service (SaaS) can be customized to meet your company’s specific security needs if you discuss them with the vendor.
The Fix: Implement an Independent Data Backup Strategy
You should also have a plan for backing up your most important data locally. This gives you a backup plan should something happen to your data in the cloud. On top of developing such a strategy, opt for cloud storage services that offer local encryption for your data. These few preventive measures will go a long way to keep your sensitive information secure.
Bring Your Own Device (BYOD) Vulnerabilities
When you look at the data threats businesses face, it quickly becomes clear that improper BYOD strategies present one of the biggest risks. In fact, a study of 10 million mobile device subscribers shows that 60 percent of devices in enterprise BYOD environments are vulnerable to known cyber threats.
The Fix: Develop a Mobile Device Management (MDM) Policy
If you want to protect your organization’s data, you have to be proactive with developing BYOD policies that address high-risk factors and promote safety and security. In particular, you need a method for tracking and wiping devices if they become lost or stolen.
Passwords—simple strings of 8-10 characters—are often the only thing keeping your online accounts and your sensitive data secure. Doesn’t it make sense to make this password as complex and difficult to crack as possible? In theory, yes, but a surprising number of people still use the word “password” as their password!
The Fix: Use Strong Passwords and Two-Factor Authentication
For your passwords, you should be using upper- and lower-case letters, numbers, and symbols in a seemingly random string of characters. Doing so keeps hackers from guessing your password and accessing an account. If keeping track of passwords like this seems daunting, consider a password manager. Even better, implement multi-factor authentication across your organization as part of a layered defense strategy.
Overlooking Your People
When working with new and prospective clients, we find people tend to focus on the role of technology and cyber security tools in protecting sensitive data from people. However, they often overlook the fact that while people can be your greatest risk, they can also be your greatest asset. Your employees access important information on a day-to-day basis, and they are often in contact with more threats than you’d like them to be. Something as simple as a spam message in the wrong inbox or a carefully disguised link could be all it takes to expose your business to a threat, and an employee who recognizes it could be all it takes to save your business from one.
The Fix: Educate Your Users on Best Practices
Take the time to teach your employees how to identify potentially dangerous scenarios, like phishing phone calls and sketchy emails or attachments. Oftentimes, you can prevent attacks simply by keeping your employees informed. In terms of data security, you need to make sure all of your employees—not just the higher-ups—are trained and prepared to handle confidential data and the systems that use and protect it. It’s the only way to close the loopholes that exist in your company’s defense.
Technology changes quickly and small business owners are always stretched for time, so it’s no surprise that many SMBs procrastinate when it comes to data security. But it’s also no excuse. Once you have customer data of any kind in your possession, it is your responsibility to hold it in a secure way. The first step is to be thoughtful about the data your business is collecting and storing.
As with routine maintenance on your car, investing in prevention usually costs less in the long run. “Expensive” is relative to each individual business owner, but a data breach can be incredibly costly to clean up after the fact. Not only could you be legally exposed to financial consequences if unauthorized parties gain access to your private customer data, but the damage to your business’s reputation could also be devastating.