With business data breaches becoming a common story on the evening news, small businesses need to be vigilant about securing their systems and technology to protect their customers and their operations. Symantec’s 2014 Internet Security Threat Report found that web-based attacks, targeted attacks and the number of breaches all increased significantly in 2013, and that one in eight websites has a vulnerability that leaves it open to attack. By knowing how data breaches occur, minimizing risk and regularly monitoring security, you can make your business data difficult to access and manipulate, so that criminals move on to easier targets.
How Data Breaches Occur
Equifax Personal Solutions Senior Vice President Scott Mitic cautions companies that data breaches aren’t just the work of anonymous hackers in cyberspace. Although breaches do occur this way, companies are also vulnerable to breaches through physical access to sensitive, confidential information. Physical access to systems can come from employees who use databases, or from vendors or outsourced IT service personnel who are onsite to perform work. A company’s website or interface gives hackers an opportunity to look for security weaknesses that they can exploit to gain further access to business financial data, employee data and customer data. Red flags that indicate data breach activity include missing company equipment that may hold sensitive data, such as laptops, smart phones or tablets, as well as suspicious phone calls about employee remote access to systems or password resets. Reports from systems monitoring programs or services about unauthorized access attempts help small businesses know when their systems are being targeted so they can increase security measures.
Minimizing Risk
Adam Levin, writing for Forbes on “How to Prepare Your Small Business for an Inevitable Data Breach,” recommends taking proactive security measures rather than waiting until something occurs that puts your data at risk. He recommends doing the following:
- Implement security policies and procedures and put someone in charge of maintaining compliance with them.
- Train employees on your security policies and procedures and on security issues, such as phishing emails that try to get them to reveal or reset passwords, and the risk of leaving unsecured physical files or devices unattended.
- Limit and monitor access to systems and databases and put someone in charge of doing so, along with assigning someone secondary responsibility for checks and balances.
- Put financial systems on a separate computer, isolated from the other systems in use.
- Use an outside security audit for regular review of threats to your systems.
Regularly Monitor Security
Make security a top priority with regular, ongoing security monitoring. Conduct and document frequent network penetration testing to determine whether there are ways to gain unauthorized access, and fix any vulnerabilities as soon as you become aware of them. Automate security alerts for unusual activity on your systems so you can take action right away. Identity theft protection software, such as LifeLock, can protect your personal and business information and monitor all of your data. Make it a mandatory policy to regularly install all new security updates on all equipment, including smart phones and other hand-held devices your employees bring in to work. Take care with vendors and require them to follow the same security policies and procedures as your company.

William Hughs, Guest Blogger for the All Access Group, LLC