In the past, many small business owners thought cyber security was not a problem they needed to worry about. Many small business owners thought: I am such a small operation, why would anyone bother to hack my business. There is not enough money here for it to be worth their time. Hackers knew that many business owners thought this way. Because of this they preyed upon that exact logic. Now, one of the most common ways hackers gain access to large databases is by first hacking into a small business who is a partner of the larger business. The hacks of Target and Home Depot were both accessed this way and at the time they were the two largest data breaches in United States History. Because hackers are using this new tactic, it is more important than ever for small business owners to properly protect their business from the risks they face related to cyber security. Here are 6 tips to help you protect your business.
Know the True Costs of a Data Breach
Before you attempt to protect your business from the damaging effects of a data breach you must first know the costs associated with a data breach. Depending upon the amount of records put at risk, the cost can be significant. According to a 2015 study done by the Ponemon Institute, a leading independent data protection organization, found that the average cost of a data breach is $174 per record. If you have just 100 records that are put at risk it could cost your business at risk of being liable for $17,000. This cost result from costs like hiring a forensic specialist to determine the source of the hack, informing any affected customers, providing credit monitoring services for them for a year and hiring a public relations firm to repair your businesses damaged image.
Properly Train Your Employees
Part of the training should include helping all employees properly protect their work space. If necessary, bring to their attention that there are third party vendors who come in to the facility after hours to clean the facility. Leaving sensitive material about your customers in a visible or easily accessible area is not acceptable. Many businesses do random after hours checks to make sure employees are properly securing their workstations. In addition to securing their work stations, employees need to be aware of how criminals might be trying to access your business and what they can do to protect the organization.
Require Long Passwords
There are many ways you can go about developing an effective password strategy for your business. It is best to offer your employees a temporary password that is a good example of what you would like for their password to include. It should include upper and lower case letters, numbers and symbols. The longer and the more obscure the better. Here are a few examples of some good and bad passwords.
6h3il,t7Kw30+
4j2_iNKq5%2
These two passwords would be good examples of a password that are extremely secure and make a very good example of a temporary password. If your employees need help creating one that is easier for them to remember you could go with something like
SuMmeR,430_F2g+52
BaSkeTBaLl_2741+3657
WiNteR,430_F2g+52
As the seasons change you can change the password to represent the in season and leave the rest the same. If you have employees use this type of a password, be careful not to use the same season each year. In some instances, a person will use the word baseball in the Summer or pumpkin in the Fall. It is best to use whatever works for you that is not easily remembered or guessed by another person or a computer program.
This would be an example of a password that is a little less secure, but easier to remember.
JoeSmith
password
These are examples of terrible passwords that should never be used.
Acquire Adequate Insurance
One common occurrence in relation to insurance is that General Liability Insurance for Small Business is all encompassing. This coverage does not cover everything and that is why it is extremely important to work with an insurance agent to make sure your business has protection for all the risks is faces. In relation to cyber security, the insurance coverages are such a developing part of the industry that common names for the products are not consistent. The two most common terms relating to cyber security insurance are Cyber Liability and Data Breach Coverage. They are usually sold in a package together and can easily be added to an all-encompassing Business Owners’ Policy. The two policies deal with first party damage to you and your business (Data Breach) and third party liability your business faces to third parties impacted by your business. Third parties can include customer’s other businesses you partner with or anyone who could be damaged by a data breach that occurs within your business.
Social Media Policy
Even if your business decides not to open an official business account, chances are your employees will have an account of their own. It is important to come up with some type of policy for how you expect your employees to behave when not on company time. Having a conversation about how you expect them to behave when online. This policy should be a part of your training and onboarding program. The more it is a part of your culture, the more likely your employees will represent themselves and your business well digitally.
Shred Everything
There is no reason personal information should ever be disposed of without first being shredded. Shredding documents is the first line of defense to fight identity theft. Most of the information that is being used has no need for being printed in the first place. If you have employees who prefer to have a hard copy of some documents than stress to them the importance of properly securing that information and disposing of it promptly once they no longer need the document. There are many businesses who dispose of many types of shredded material. Some even do this periodically for free. Taking this aspect of your business seriously is an important part of your cyber security strategy.
