10 Data Security Methods for Protecting Your Small Business
By Pekin Insurance · Mar 25, 2020 ·3 min read
Huge data breaches get major press, but small businesses are at risk just as big companies are. Of course, most small businesses don't have multi-million dollar cyber defense budgets.
You can do a lot to improve your data security, though. While there are no absolute guarantees, you should make it tough for hackers to take the information you've worked so hard to collect. Get started by following these 10 data security methods!
1. Beef Up Password Requirements
Good data security starts with a memorable but complex password. You can improve practices at your business by using password standards from the National Institute of Standards and Technology (NIST).
Employee passwords should have an eight-character minimum but not include overly complicated rules. For instance, don’t force employees to create 25-character passwords with five symbols and seven upper-case letters.
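The policy above can be enforced at the point where a password is set. The following is an added example, not part of the original article or any NIST code: it applies the eight-character minimum, imposes no symbol or upper-case rules, and screens against the kinds of passwords NIST SP 800-63B says to reject (common passwords, repetitive or sequential characters, and context words such as the user or service name). The function names and the small blocklist are constructed for illustration.

```python
import unicodedata

MIN_LENGTH = 8  # the eight-character minimum from the article

# Constructed sample blocklist; a real deployment would load a large
# list of common and previously breached passwords instead.
COMMON_PASSWORDS = {"password", "password1", "qwertyuiop", "letmein123", "iloveyou"}

# Character runs treated as "sequential" (alphabet, digits, keyboard rows).
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def _is_repetitive(pw):
    """True when pw is one short chunk repeated three or more times."""
    for size in range(1, len(pw) // 3 + 1):
        if len(pw) % size == 0 and pw == pw[:size] * (len(pw) // size):
            return True
    return False


def _is_sequential(pw):
    """True when the whole password is a single run, forward or reversed."""
    return len(pw) >= 3 and any(pw in s or pw in s[::-1] for s in SEQUENCES)


def check_password(password, username="", service_name=""):
    """Return the reasons to reject a password; an empty list means accept.

    There are deliberately no composition rules: a long lower-case
    passphrase passes, while a short or predictable password does not.
    """
    pw = unicodedata.normalize("NFKC", password)
    lowered = pw.casefold()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if lowered in COMMON_PASSWORDS:
        problems.append("common password")
    if _is_repetitive(lowered):
        problems.append("repetitive")
    if _is_sequential(lowered):
        problems.append("sequential")
    # Context-specific words: the account name and the service name.
    for label, word in (("username", username), ("service name", service_name)):
        if len(word) >= 3 and word.casefold() in lowered:
            problems.append(f"contains {label}")
    return problems
```

Returning every reason at once lets the sign-up form tell the employee exactly what to change instead of rejecting the password one rule at a time.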
If you need more examples of passwords to avoid, NIST offers those, too:
2. Require Two-Factor Authentication
A solid password isn’t enough to keep your data safe. Two-factor authentication is the virtual version of the lock and the alarm system in your business. Someone needs the key to get in and the code to turn off the alarm.
To access your business email, for example, two-factor authentication would require the basic login information as well as a six-digit code sent to your cell phone. Without both of those, you don't have access.
3. Secure Your Login Information
Do you use the same password for multiple accounts? If that's the case, it's time to make some changes.
Set up a separate password for each of your business accounts, and store all those passwords in a secure password manager.
4. Encrypt Data on Devices
Sometimes, the theft of a single device can lead to a huge data breach:
In 2006, a Veterans Affairs IT contractor had his laptop stolen. That laptop had unencrypted information on nearly 27 million people.
In 2019, a laptop theft led to the leak of 114,000 Truman Medical Center patient records.
As a small business, you probably don’t have this much data, but your employees could access sensitive information through laptops, cell phones, and tablets. Make sure everyone at your business uses devices with full-disk encryption.
Go here to find directions for encrypting data on Android and Apple tablets and cell phones.
As an extra precaution, you should consider having employees lock their laptops in secure locations when they’re not in use.
5. Encrypt Cloud Data
You can access cloud data from almost any device in the world. You have a lot of options for encrypting your data on your own or through an encryption service. One of the easiest steps is using an HTTPS connection for any sensitive online communications, which encrypts the data while it travels between your device and the service.
As with most of these “best practices,” security begins and ends with your people. According to the Ponemon Institute 2019 Global Encryption Trends Study, 54% of businesses rank employee mistakes as the main threat to confidential data.
6. Think About Where You Share
You can create headaches by sharing data in the wrong place with the wrong permissions. For instance, Google Docs lets you share wholesale price lists with customers.
An employee or customer could delete the Google Docs information by accident if you share in "edit" mode instead of "view" mode.
7. Create Processes for Removing Access
If an employee leaves your small business, make it a priority to delete them as a user on your accounts. Make it easier on yourself by using a checklist of accesses your current employees have.
If an employee leaves under bad circumstances, you don’t want money to disappear or hostile posts to come from your compromised Facebook page. Go here for more tips on managing social media security risks at your business.
8. Limit Admin Access
Don’t fall into the trap of giving every employee admin access. Employees with admin access could lock you out of your website, your bank account, your social media pages, and so much more.
Plus, they could delete users in applications that are essential to your business. You can give editor and contributor status to several people, but save admin status for yourself and a trusted team member.
9. Back Up and Update
Always keep a backup of your data in case your computer or phone is stolen. It's bad enough dealing with a theft, so you don't want the stress of losing data, too.
It's not always theft that takes your data, though. Malware, viruses, and system failures can all wipe out your data, which is why software updates are essential. Updated systems have a fighting chance at keeping out security threats.
10. Lock Up Your Hard Copy Files
Businesses have relied less on paper in recent years. But there are still some physical documents you want to keep on hand, like tax returns.
Many of those files include the sensitive personal information found on employee applications, W-2 forms, and direct deposit paperwork. Keep that paperwork in a locked file cabinet in a secure location, and limit access to it. It only takes a few minutes for thieving hands to steal an identity.