Written by: Daniel Haurey on 12/08/17

Did you know that 50% of all cyber attacks carried out today target small businesses? In fact, CNBC reported in April 2017 that 14 million businesses had been attacked in the last year alone.

Your business could be next.

But it doesn’t have to be! The truth is that there are steps every small business owner can take to protect their company and employees every day. The bigger question is whether or not you, as a small business owner, know what those steps are and are taking them right now.

If you’re not sure how to protect your business from data loss and theft, you’ve come to the right place. Below, we’ll guide you through several important steps you should take to keep your business safe.

Secure Your Staff

Above all else, you should be worried about your staff. Not only are they the true heart of your organization, they’re its biggest liability. Employees are the number one security factor in 48% of cyber attacks at small and mid-size businesses. Unfortunately, there are a lot of ways that your staff can put your business at risk.

A disgruntled employee could disable a firewall, a technologically illiterate employee could choose the password “password,” or a busy manager could accidentally download an attachment from a phishing email. That means it’s your job as an employer to make sure they’re ready to keep their data (and yours!) secure.

Teach Employees About Cyber Attacks

Unfortunately, many data breaches are the result of an innocent mistake. But one innocent mistake from an untrained employee could put all of your company’s private information at risk. First, your employees must understand how different types of cyber attacks operate. For example, a ransomware attack operates in three distinct steps.

  1. An employee opens a simplistic, innocent-looking email.
  2. The employee clicks on an attachment, accidentally downloading an infected file.
  3. Hackers gain access to your files and demand a ransom to restore your access.

Above all else, your training should enable employees to tell the difference between a normal email and one that’s part of a phishing scam or ransomware attack. In addition, it should help them understand why your business might be vulnerable to cyber attack even if it’s on the smaller side.

Create Preventative Programs

Teaching your employees how to identify a cyber threat is only the beginning. Your training should also ingrain in them the appropriate actions to take to avoid falling victim to a cyber attack. While no business is safe from attempted cyber attacks, employees need to ensure none of those attempts succeed. A few important practices employees should learn in cyber safety training include:

  • Confirming the legitimacy of a source asking for sensitive information
  • Leaving attachments unopened if they don’t recognize the sender
  • Avoiding any suspicious email or website links

Keeping out of the clutches of cyber criminals starts with good training. If your employees understand the risks and how to identify them, they’ll be that much safer when handling your company’s sensitive information.

Practice Taking Action

If there’s one thing many small business owners leave off of their training list, it’s incident response. What happens if sensitive information wasn’t disposed of properly? What if an employee slipped up and left their work laptop in a cab? The key is to have a plan and practice it often.

In the event of a data breach, every employee should fully understand what actions they should take to ensure the situation doesn’t escalate. Working together is crucial to preventing any further information theft. So before you create a no-holes training program, make sure you’re considering the possibility that something could go wrong in the future. Preparedness will ultimately keep your business safer in the long run.

Secure Your Data

Training is an excellent way to help your staff protect the organization’s data, but the real risk lies in what you do with the digital data that’s mostly out of sight, out of mind for your employees. Whether it’s customer data, your financial information, health records, or anything else that you don’t want falling into the wrong hands, it’s your job to make sure it’s as safe as can be.

What does that mean exactly?

Encrypt It!

When in doubt, encrypt your information. Whether your information is stored on a computer, in the cloud, or even sent back and forth over the internet, encryption encodes it into an unreadable format. And only the person with the right key can decode it.

Encryption is incredibly important for small businesses because it can be used to protect any number of data points. Whether it’s your customers’ health information or your company’s trade secrets, every company has at least one piece of information you would never want a cyber criminal to get their hands on.

Of course, it’s up to you to decide what level of encryption you need. Most operating systems have built-in encryption options which you can turn on, but additional security is often a good idea if you’re protecting customer information as well as your own.

Dispose of Data Properly

The only thing worse than falling victim to a cyber attack is knowing that a misstep on your part was responsible. In many cases, this misstep is failing to take the proper steps to dispose of sensitive information. When it comes time to purchase new computers for the office, your old ones had best be wiped truly clean. In many industries, failing to properly encrypt or destroy sensitive information can result in huge compliance violations.

Here are some crucial steps to take when disposing of sensitive data:

  • Shred any documents containing sensitive contact or financial information
  • Remove all data and apps from smart devices
  • Erase all information from computer systems or storage hardware

Keep Software Updated

Antivirus software is there for a reason, which means you should update it when prompted. Not only that, but the other software on your systems should stay up-to-date as well (and that includes the operating system itself, no matter how annoying those regular updates are). New updates mean new security protocols and software patches that will actually better protect your data from cyber attacks.

Secure Your Practices

Your training program might be out of this world and your antivirus software might be top of the line, but unless you hold yourself accountable as a business owner, your information may not be safe.

Work With an Expert

Whether you’re employing five people or 50, there’s no use attempting cyber security if you don’t know what you’re talking about. In these cases, it’s extremely important to call up the experts. IT consultants are going to be some of your greatest resources when it comes to protecting your business’s information.

But that’s not the only reason you should be considering hiring an IT consultant. Not only can they help protect your information, IT consultants can…

  • Provide more cost-effective solutions to technological issues
  • Keep you up-to-date on the latest protection software for your data
  • Help you save time attempting to master new technology
  • Create a more productive technological environment for you and your staff

When you hire an IT consultant with cyber security training, you’re investing in excellent support, access to the latest technology, and a resource for any questions you might face.

Double Check Third Party Access

In many cases, third-party vendors will help operate your business in some way, shape, or form. It’s up to you to make sure your security practices are sound and that you know exactly what they can and can’t access. Of course, trust should be an important factor in these relationships, but protecting your sensitive data is also a must.

In the event that you’re still seeking out vendors, there are a few distinct qualities you should keep in mind. In the end, you should be looking for vendors who:

  • Require employees to undergo security training, too
  • Maintain strong cyber security hygiene policies
  • Enforce and share incident response plans with you

On top of seeking out those qualities, you should always secure a service level agreement (SLA) to ensure all parties fully understand what is required of them. In addition, you should take great care to communicate with your vendors regularly to ensure you’re still seeing eye to eye.

Are You Protected?

You’ve made it this far. Are you protected? And if not, are you prepared to do what it takes to make your business a safe haven from cyber attacks? Small businesses are among the top four most targeted industries, which means security should stay at the top of your list when it comes to securing your business’s future.