Every business and individual should be vigilant about online security. Businesses are especially vulnerable because they store an ever-increasing volume of user data on their servers. Small to medium businesses are as likely as large enterprises to suffer from data breaches. While bigger organizations have the financial muscle, resources and skill to overcome setbacks from a cyber attack, small businesses often lack the security personnel and expertise needed to protect sensitive data in the first place or to recover from any breach should they be targeted. Sadly, regardless of size, every business will suffer a consumer trust set-back as the result of a cyber hack. The good news is that there are simple measures that can be undertaken by any business owner to protect data from being compromised and to thwart attacks.
1. Apply Encryption Software
Today, encrypting your own confidential information and your customers’ sensitive data files is an important step to protecting against theft or hacking. In fact, in order to be in compliance with various federal and state laws, businesses must encrypt confidential data to protect their customers. Modern encryption software uses algorithms to create nearly uncrackable ciphers of unintelligible, encoded characters, so that the data being transferred online is hidden. There are many encryption software applications available for businesses. Ideally these solutions should feature 256 bit AES (Advanced Encryption Standard) encryption algorithm, on-the-fly encryption to enable easy working with encrypted files such as plain text files, easy cloud backup for multiple encrypted files to allow secure storage, keylogger protection for access to safes/vault container files with passwords, and a easily navigable user-friendly interface to make encoding confidential files an intuitive exercise. Online businesses should consider adding an extra layer of security through HTTPS and if using FTP software, it is advisable to switch to SFTP. Webmail service should have SSL encryption on login pages for clients entering user names and passwords, to prevent easy access by third party interceptors to login details. Even email should be sent via SSL encryption, especially if it contains sensitive information.
2. Use A Password Manager
Research shows that 80% of stolen or compromised user credentials are from weak passwords and over 55% of people use one password for all logins. Cybercrooks use phishing, malware and social engineering to capture usernames and passwords. Small to medium sized businesses need comprehensive protection using password managers, such as enterprise version of LastPass, to securely store and enter encrypted account login details. It may be better to use password managers to set up an encrypted and secure master password or passphrases for protecting the list of passwords saved. Password managers enable setting minimum password standards across your company accounts to meet your policy requirements, or allowing restricted access to specific devices or groups and real-time syncing across devices.
3. Ensure Proper Backup
There has been a 30% increase in denial of service attacks in the past year. These attacks take up bandwidth and tend to last longer. With hackers designing breaches to destroy or modify files on the server, and with the rise of ransomware, you can protect your business information by creating an immediate backup. If the computer where data is stored gets lost, stolen or hacked you will need to fall back on the backup copies for uninterrupted business. According to data privacy laws, your customers have the right to request access to personal information stored about them but if the original data gets compromised in a breach, you will not be able to comply with this legal requirement if you do not have a backup copy of your customer data. For improved productivity, better security and for legal compliance, it is critical for businesses to have backup copies of their own and their customers’ confidential files.
4. Protect Your Network
Businesses have to pay special attention when securing their network. This means taking small but significant steps such as installing antivirus software, applying OS and application updates regularly, and controlling user access to a given system or data on a ‘need to know’ basis. Employees and users are often a weak link as they inadvertently provide an easy access route to your website servers. By lowering the number of people who have access to your data, you reduce the risk of a hacker using them to steal it. Some things you can do today to help protect your network include employ strong passwords, change them frequently, have logins expire after a brief period of inactivity, and thoroughly scan all devices plugged into the network for malware. Additionally, security audits or vulnerability scans can help prevent online threats and malicious cyber attacks by monitoring the integrity of your network solutions, examining ports, firewall policies, processes and software updates. Vulnerability scans minimize any risk of downtime, prevent unauthorized access, and address urgent risks to safeguard your brand image.
5. Check Security Measures for Third-Party Providers
The Ponemon Institute lists third party providers, such as web hosts, payment processors, and call centers as security risks to businesses—especially with regards to data protection. There should be rigorous checks in place for all third party vendors to ensure they have adequate and up-to-date security measures and practices. It is absolutely vital for businesses to vet all new providers, including software providers, for security best practice compliance like the Payment Card Industry’s Data Security Standard (PCI-DSS) and cloud-security certification SSAE16. Even cloud software vendors should be asked about their certifications and security management measures before working with them. Partnering with reputable vendors and using the right tools act as a safeguard for businesses to reduce the risk of security threats. Don’t overlook this.
Protect Your Business, Your Brand and Your Customers
Today the risk of data breach is a greater challenge than ever for large, medium, and small businesses alike. For the reputation of your business and the safety of your customers, it’s important to take the necessary steps to improve your business’s data privacy and follow comprehensive security practices for critical applications & data.