It’s no secret that cybersecurity should be a top priority for any business, big or small. But if your business has remote workers or if you have a small staff working from multiple locations, you may be wondering — why does my small business need to worry about data security?
More than half of all cyberattacks are committed against small to midsize businesses. And cyberattacks on remote workers rose 238% during the pandemic. Despite this, 47% do not have a cybersecurity defense plan in place.
Arm your small business against all-too-common breaches by implementing the security measures listed below.
1. Train Your Remote Workforce on Data Security
Fifty percent of organizations don’t provide cybersecurity training for their employees. New threats are constantly developing, so your approach to training should be ingrained in your organization’s daily operations.
If you’re not ready to invest in heavy training yet, below are some of the most referenced online resources you can use to train your employees:
- The National Security Agency offers free guides and resources on understanding various kinds of cyber threats and how you can be better prepared.
2. Secure Customer and Employee PII
Personally identifiable information (PII) includes data such as Social Security numbers, driver’s license numbers, credit card information, etc. Safeguarding all your business and customer data is an ethical practice. These laws and guidelines can be useful:
- The US Privacy Act of 1974: Establishes a code of fair information practices for how federal agencies can collect, use, and disclose individuals’ personal information.
- National Institute of Standards and Technology: Offers a set of guidelines to protect PII that you can reference whenever you need to.
3. Consider Password Management Software
To securely share company-wide logins, use password management software such as LastPass or 1Password. This will ensure your remote workers aren’t using the same password for everything or saving passwords in their browsers or in computer documents. This is even more crucial when remote workers are using public wi-fi or shared co-working spaces, or are working while they travel to different cities or even countries. Password management software is easy to set up, and there are tips to make sure you’re getting the most out of it. Here’s why you need it:
- Each user gets an individual encrypted vault that holds their password information
- The browser doesn’t save any password information when you access it
- You get a heads-up when you use the same password on more than one account
- You’re alerted to a possible data breach so you can change the affected password immediately
4. Exercise Payment Processing Best Practices
If you’re a company that needs to store credit card information, for example, for recurring payments, consider using a third-party payment processor such as CardX or Stripe. While these might be slightly higher in cost, the fees are transparent and can be really useful as your business expands in the future. We’d recommend doing your research on the best third-party payment processors and when to use one. Using one also reduces liability on your part.
Here are a few best practices to follow while dealing with online customer payments:
- It’s an easy one, but requesting the CVV can go a long way in ensuring the information belongs to the right credit card owner
- Run continuous fraud monitoring on your end or via a third party that specializes in it (you could even talk to your bank about it)
- Ensure your business is PCI compliant to reduce the risk of payment fraud
5. Basic Security Measures for Every Small Business
Install Security Software
Antivirus software blocks employees from downloading malicious files by mistake. While it sounds like a bare-minimum requirement, it bears repeating as the business world continues to thrive in a remote environment.
McAfee, Kaspersky, and Norton are some of the most popular options you could explore. Kaspersky offers additional security features such as browser encryption, and Norton offers a secure VPN. If your remote workforce needs to access servers from multiple off-site locations or from public wi-fi, adding this will ensure the data is not compromised.
Secure All Wi-Fi Networks
One of the most effective ways of safeguarding your data via your wi-fi network is to turn on “wireless network encryption.” This will ensure that the data you’re accessing cannot be easily read in the event of a cyberattack or even a minor hacking attempt.
If your remote workers’ devices are more than 10 years old, you’ll want to make sure they are upgraded. Generally, the most secure encryption you can use for wi-fi networks in a controlled environment, such as your home, is WPA3, and you can easily check its compatibility with various remote devices.
Set a Backup Schedule
Back up all critical data, such as Word documents, spreadsheets, and employee and customer records, and look to automate this process. And let’s not forget about mobile devices. More often than not, employees will be accessing information on your mobile devices, so minimizing app downloads or restricting access to “desktop” only in critical areas can go a long way.
Implement Two-Factor Authentication
Two-factor authentication (2FA), or its close companion multi-factor authentication (MFA), ensures whoever is logging into an account is, in fact, who they say they are. Popular methods of 2FA include facial recognition, fingerprints, a texted mobile access code, or security questions. Ensure all software and programs, especially those that contain sensitive data or information, are equipped with 2FA.
Been Hacked? Here’s What to Do Next
If you suspect you’ve been the victim of a security breach, the Federal Trade Commission (FTC) has very clear guidelines on next steps to secure your data and notify your team and customers. Here’s a summary of key points, but keep in mind this isn’t an exhaustive list of action items.
- Secure your operations: If you have a contingency plan, implement it immediately. If not, reach out to your in-house IT team or an external party to begin a total lockdown of systems until you’ve figured out how to respond.
- Notify law enforcement: Under the General Data Protection Regulation (GDPR), a data breach must be reported to the relevant authority within 72 hours: the police, FBI, or Homeland Security, depending on the nature of your business.
- Let your cyber insurance company know: If you have cyber insurance, make a claim. If you don’t, applying for cyber insurance once things settle down a bit would be the right next step to future-proof your data.
- Notify customers: You should be very clear on what happened, when it happened, what information may have been stolen, what the business is doing about it, and what customers should do to protect themselves.
Building a Cyber Security Plan
If you’ve already been hacked or are concerned that your data security isn’t strong enough, building a cyber security plan is the first step forward. If you don’t know where to begin, you can create one with the help of the Federal Communications Commission’s (FCC) Small Biz Cyber Planner 2.0. You may also consider getting a Cyber Essentials certification for your small business to ensure you’re safeguarding your most critical data.
Continuing to strengthen your cyber security measures will always be worth your efforts and money. While some small businesses might still learn the hard way despite all precautions, being proactive and protected against cyberattacks will remain the best strategy. Utilize small business resources to learn more about how to protect yourself and your employees and turn to professionals when you need help.