Data Breach Prevention
for Small Business Owners

See also: Avoiding Common Managerial Mistakes

What security measures do you have in place to protect your business from the next big data breach? If this question leaves you scratching your head, then you have some work to do.

If you have been following the news over the last few years, then you have seen major companies from Target to Yahoo and Garmin getting hit by large-scale cyberattacks. These intrusions put the private information of millions of customers at risk, and if the big companies are seeing that much loss, imagine what can happen to your small business. Well, worry not. There are security measures that you can take to prevent data breaches before they even start.

Desk with woman's hand writing in notebook and a smart phone, laptop and espresso.

The Importance of Data Security

Advancements in technology have improved just about everything we do in business, from how we produce products to how we communicate with customers.

Unfortunately, while new technology has made our lives easier, it has also given hackers and cybercriminals many new opportunities to steal valuable company and consumer information. This is not a process that can be overlooked.

While large corporations have extensive IT teams that can prevent malevolent attacks, smaller businesses have to make smart decisions on a local level to stay secure. The numbers prove that hackers know where the insecurities lie as 43% of cyberattacks have targeted small businesses. 

The damage to a small business can be catastrophic. In fact, recent studies show that 60% of small businesses fail six months after an attack. When a business falls victim to cybercrime, it is not only data that is stolen, but a reputation that is on the line. When information is taken and used illegally by a hacker, the company loses that all-important trust of the customer, and it is not easy to earn back.

So, the key is to be proactive instead of reactive. Understand your vulnerabilities first, so you can plug any holes and have a plan of action if an attack were to happen. Start by creating a risk assessment. This process involves forming a team and looking at all the possible risks that plague your business, whether that is from cyberattacks, natural disasters, or employee error. Then, gauge the likeliness of these incidents before creating a plan of action if the incidents were to occur. It is important to have a strategy in writing so that everyone knows their part.

Protect Your Data

Once you know the risks, it is time for proactive security. Data is likely the lifeblood of your organization, whether that includes financial statements or customer email addresses, so you need to do everything you can to secure it. Start by having backup systems in place that store necessary data. These servers should be separate from your main systems so that if your primary computers are attacked, your backup data remains secure. Backup systems should be maintained and updated on a regular basis.

It is important to remember that all data doesn’t necessarily rest inside of your office. Because of BYOD (bring your own device) culture, many businesses are allowing employees to use their own laptops, tablets, and cell phones to work from everywhere. While this type of setup has its benefits, you need to secure those devices as well so they are not hacked. Ensure that all mobile devices are locked when not in use with a pin number that should be changed regularly. Also, the data on these devices should be encrypted so that it cannot be read even if a hacker gains access.

Mobile devices should be updated whenever a new operating system version is introduced, as new packages usually fix old security vulnerabilities. Also, all mobile users should connect to the main system with a virtual private network (VPN) that hides your systems from hackers. A smart business will also invest in data breach insurance, which can help cover the costs if an attack does occur.

Employee Education is a Must

As a small business, you may only have a few employees, but it only takes one to mistakenly allow a data breach, so training is necessary to keep everyone on the same page when it comes to cybersecurity. Inform employees that a breach doesn’t only impact the business but also their livelihood and the retention of the customers that keep the business afloat.

Start with passwords. Make sure employees use a complicated password that includes letters, numbers, and special characters. As an extra layer of security, two-factor authentication should be employed, which has the worker input a number from a physical token before entering their password.

Employees should also be aware of the many social engineering strategies that hackers use to infiltrate their systems. There are several ways that hackers can use emotions or fear tactics to convince employees to give up information, even if they do not realize it. One of the strategies that has gained popularity among hackers in recent years is phishing emails.

These are emails sent to an employee with a sense of urgency. It could be a message that appears to be from your boss, your bank, or even the IRS. The emails will usually include a link or attachment that, when clicked or opened, will allow the hacker access into your systems. This tactic works on an employee's fear and impulse, so they feel obligated to click and, once a hacker is in, they can destroy an entire organization from there. As part of employee training, it is important that everyone knows the signs of a phishing email, which may include:

  1. An email filled with spelling errors.
  2. An email with a link or attachment that you were not expecting.
  3. An unrealistic sense of urgency.
  4. A request for credentials or payment information.

Protect Your Business Website

For many businesses, the company website is the primary method of contact with your customers, and if not properly protected, it can create openings for hackers as well. To protect your website from unauthorized access, verify that you have a firewall and proper antivirus software, and ensure that both are updated regularly. It is a smart idea to run your antivirus software at least once per week so you can catch any attempted attacks and patch any holes.

You also want to avoid creating the ability for users to upload files onto your site as hackers can easily use this access point to inject viruses. This doesn’t mean that you can’t have forms available that allow customers to send you a message or ask a question, but they shouldn’t be able to send a file from their computer to your website. If you absolutely must have file uploads, the landing spot of the uploads should be separate from your primary system.

You can also invest in a few web security tools. One such tool, OpenVas, continuously searches your system for over 50,000 vulnerabilities, while Netsparker also tests your system while offering comprehensive reports and improvement suggestions.

At first, these steps may seem overwhelming, but these relatively simple fixes can go a long way to keep your business from becoming a victim of the next major data breach.

Further Reading from Skills You Need

The Skills You Need Guide to Self-Employment and Running Your Own Business

The Skills You Need Guide to Self-Employment and
Running Your Own Business

If you are thinking about running your own business, or already do so, but feel that you need some guidance, then this eBook is for you. It takes you through self-employment in easy steps, helping you to ensure that your business has more chance of success.

The Skills You Need Guide to Self-Employment and Running Your Own Business is the guide no new or aspiring entrepreneur can afford to be without!

Based on our popular self-employment and entrepreneurship content.

About the Author

Magnolia Potter is from the Pacific Northwest and writes from time to time. She prefers to cover a variety of topics and not just settle on one. When Magnolia’s not writing, you can find her outdoors or curled up with a good book.