Data Security – Fresh Reminders to Minimize Your Risk
Many small business owners assume they are not famous enough to be the target of cyberattacks. This mindset can lead to all sorts of trouble, including loss of your most valuable assets: customer and employee data.
In 2016, 71% of ransomware cyberattacks were aimed at businesses with fewer than 100 employees.**** Small businesses tend to neglect cybersecurity, and one thing is for certain: it’s much easier to get inside an unprotected system than it is to penetrate the security of big corporations.
Remember that hackers can steal money, employee details, customer data, and other valuable information. Moreover, a data breach can permanently damage your relationship with employees and customers. In the end, it will hinder the growth of your business.
But that’s not the scariest part. Current statistics state that approximately 60% of small to mid-sized businesses that have been victims of cyberattacks will go out of business within six months.*
What’s Out There?
Viruses, malware, hackers: all are criminal. All are malicious and intended to steal your valuable business data. An undetected virus or malware could easily infect and corrupt important data, access private information, spread spam and leak confidential details. Viruses are always harmful to business data and can harm the reputation of your business.
Hackers are thieves of the internet, with only one purpose – to steal money and private information for resale or their own use, and to ruin the livelihood of anyone in their path.
What Can I Do?
Managing data securely is now a priority in every industry, regardless of whether you own a repair shop or multiple restaurants. There are many risks, threats and consequences when businesses don’t take data security seriously. Despite the overwhelming odds in favor of a data breach at your business, there are several preventive security measures that should be taken by businesses of all sizes to minimize the risk of a data breach:
1. Data Backup Process – Make it a Habit: Backing up data on a regular basis should be a routine for all serious businesses. Data backup is important for businesses because it allows them to access data from an earlier time. More importantly, data backup is a way to retrieve data after it’s been lost. Data backup is the first step towards data security.
2. Have a Data Recovery Plan (ahead of time…): Data recovery is a process of reclaiming data that is no longer easily accessible due to corrupted or damaged storage. In most cases, implementing regular data backups can significantly ease the process of data recovery. A data recovery plan should be a part of the data security strategy of every business.
3. Install a Firewall in Your Network: A firewall is one of the first lines of defense against a cyberattack. Therefore, you need to provide a firewall for each computer that your employees use. Not just the computers at work, but also those at their homes as well as any portable devices including smart watches and fitness trackers. Firewalls installed in your entire network will monitor the network traffic and control it based on access and security rules that you put into place. A firewall is a barrier between your internal network and the internet (the world in general).
4. Train Your Employees: Employees are your first and last line of defense. Training your employees about cybersecurity should be one of your highest priorities. Your employees need to be aware of all the different data protection procedures that you are implementing. Your data security documents are a must-read. Every employee should know them by heart.
Teach your employees to be suspicious when receiving emails with embedded links or attachments of any kind. While they may look legitimate, clicking a link or attachment can hand over access to your computer and network to hackers.***
5. Install Anti-Malware Software: Consider this scary fact: 30% of employees in the USA opened phishing emails**. These phishing attacks can do some scary stuff. Often all it takes is for an employee to click on a single link in a suspicious email, and the malware gets installed immediately. It’s crucial to install anti-malware software on all devices. But it’s also important to educate your employees to differentiate a legitimate email from an illegitimate one. It’s the best way to avoid clicking on suspicious email links. Here are other helpful tips:
- Be extremely cautious of unexpected emails that ask you to click a link to log into an account to update information or fix a problem. These are likely fake and designed to steal valuable information.
- Never enter credit card numbers or other valuable information on a website that is not secure. If a website is secure, its URL will begin with HTTPS, instead of just HTTP.
- You should also double check that you’re on the site you intend to be on whenever entering such information.
- Never, ever email sensitive information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email databases and accounts are inherently insecure, and if malicious parties get access they can often see or get everything.
- Scammers may also pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it.
- When getting rid of physical documents with sensitive information, use a secure shredding company to ensure proper disposal and that documents related to an employee’s identity are secure.
- When getting rid of hardware or donating it, completely wipe its hard drives and storage. You don’t want someone finding an old company laptop, thumb drive, or computer and gaining access to information stored on it.
6. Enforce Good Password Habits: It’s imperative that you require your employees to use strong and unique passwords for all their accounts. Such passwords aren’t fully impenetrable, but they are the first step towards ensuring basic protection of your data. CEOHR’s payroll website hosted by PrismHR will encourage employees to change their password every 30 days.
You may want to consider using password management software for your employees. Such software includes tools to easily generate strong random passwords. It also remembers the passwords so your employees don’t have to. This is an easy way to encourage everyone to use complex passwords. For help with passwords, a password-generation resource such as https://strongpasswordgenerator.com/ can easily provide complex passwords. Keep in mind that complex passwords are harder to breach, but not impossible.
7. Cover All Potential Loopholes: Small businesses often leave the accounts of former employees intact. This has the potential to result in a massive data breach. Since small businesses do their business based on trust, they don’t see this as a potential risk. But all it takes is one employee who still holds a grudge against your company to wreak havoc on your data. Fortunately, this issue is super-easy to handle. Simply terminate the PrismHR accounts of former employees the moment they stop working for you. See your Payroll Specialist if you have any questions regarding this.
Ongoing vigilance is the best practice to minimize the vulnerability of your company. Establish ‘Best Practices’ for your company and work with a security expert to mitigate your overall security risk.
For more information about data security best practices, call our CEOHR Human Resources or Payroll department at (941) 907-4520 or email firstname.lastname@example.org.
Cindy Laviolette, PHR, SHRM-CP, HRBP
Vice President of Human Resources
Other references and knowledge contributed by: https://smallbusiness.com/security/security-small-business/