5 Ways Small Business Can Avoid Data Breaches
September 24, 2015
You don’t have to be the size of Ashley Madison or Target to have your website hacked. No business, no matter its size, is immune from a data breach. Hackers, phishers and scammers will attack randomly, and sometimes target small businesses because they think they may have less security than large companies. Here are some steps you can take to avoid becoming a victim.
1. Collect only the data you need, and keep it only as long as you need to. As reported by the Federal Trade Commission, only those people who absolutely need to have access to sensitive data should have it. Restrict access to only those employees who require the information to do their jobs. When you consider that small business loss due to embezzlement was $280,000 last year, restricting access to customer data should be a high priority for all business owners.
2. Make sure passwords are secure and authentication is comprehensive. As annoying as it is, passwords need to be complex. The FTC suggests locking users out after a certain number of incorrect password attempts. Consider two-factor authentication if it’s appropriate. This uses a password and another factor, such as a PIN code sent to a mobile device or a fingerprint. This is particularly important if you or your employees access company data from more than one device. It’s common for people to do work from anywhere, using a laptop, tablet or smartphone. The password requirements you have for your office computer should be in force on these devices as well.
3. Make sure data in motion is encrypted throughout its journey. Make sure it’s encrypted on your server, while it’s being transmitted, and on the receiving server. Use existing encryption tools and procedures—there’s no sense in reinventing the wheel. Encryption won’t guarantee you won’t be hacked, but it makes it harder to do so, so a hacker may move on to another business that’s less protected.
4. Make sure you know who’s accessing your network. If you have clients, contractors or vendors who will need to access your network, restrict that access to the information they need. Make sure the service providers you use are taking adequate security measures. Third parties should sign contracts that confirm that they have adequate security in place to protect your data.
5. Don’t forget the physical information. A data breach doesn't have to be electronic. Make sure your paper files, storage media and devices are secured. Pay special attention to point of sale devices, which are vulnerable to skimming attacks that capture credit card data as the card is scanned.
For more information on preventing a breach, visit the National Cyber Security Alliance website at StaySafeOnline.org. The NCSA is a public-private partnership of the Department of Homeland Security, corporate founding sponsors and non-profit collaborators.
Prevention is important, but it doesn't guarantee you’ll be immune from a breach. With the cost of a breach estimated at $200 per record or more, cyber insurance for small businesses is a smart investment.