Is Your SMB's Cybersecurity Policy Up to Snuff?
As the juicy details of colossal corporations’ data breaches (Ashley Madison, Target, Apple) get splashed across the front page of every news outlet, it’s often easy for SMBs to feel secure in their relative anonymity within the shadows of these massive companies. After all, what could hackers possibly want from the little guy?
Think again. Even though your company may not be as salacious as Ashley Madison, or as gargantuan as Apple’s iCloud, it is nevertheless at risk of data breaches—especially if your cyber security is not up to snuff. While the big data breaches may make headlines, for every high-profile case, there are dozens of threats to confidential data held by everyday enterprises—community centers, law offices, colleges, dentist offices, etc.
Unlike large corporations, SMBs are at risk of data breaches due to cybercriminals affinity for “low hanging fruit”. For example, small and medium-sized businesses are less likely to have the nearly airtight security measures of their big business counterparts, making them sitting ducks for malicious hackers looking to exploit an easy target.
If this isn’t enough to fire up your security engines, a recent court ruling granted the FTC (Federal Trade Commission) the right to pursue legal action against companies guilty of insufficiently protecting their customer’s data. Not only would such a lawsuit financially devastate a business due to heaping fines, but also destroy its reputation among consumers.
However, don’t panic just yet. Luckily, there is still time to get your company’s cybersecurity policies in compliance with the new FTC guidelines if you haven’t done so just yet.
5 Tips to Strengthen Cybersecurity Policies
When constructing a comprehensive data security strategy, companies should consider the type of information they collect, how long it is kept, and who has access to it.
1. Make sure you use good password policies. When it comes to passwords, the length and randomness of the characters are the biggest factors in security. If possible, use 2-factor authentication and change your password often.
2. Encrypt sensitive data. Make sure that your business’ data is both stored and sent encrypted—and never, ever send sensitive information in plain text using email.
3. Make sure systems are patched, anti-virus is up to date and firewalls are securely configured and well maintained.
4. Using the most secure means available, restrict remote access to your network solely to essential employees who absolutely need it.
5. Lastly, while this may seem like a giant “Duh”, the safest way to ensure data privacy is also the simplest. Don’t collect personal data you don’t need. If you don’t have it, no one can steal it. Make sure your company is only asking for information that is absolutely necessary.
For more in depth tips on beefing up your SMB's policies, see the FTC’s Guide for Businesses.