It’s impossible to go more than a few days without hearing about another business getting hacked or a new virus or malware that could hold your files hostage. It seems like threats are everywhere – and you’re vunerable even as a small business.
But, ultimately the biggest threat to your company isn’t an outside attacker – it’s your employees. No, we don’t mean your employees are stealing your data to sell on the black market or anything like that (though a disgruntled current or former employee can be a big risk if they still have access to any systems).
But most data breaches are caused by human error: someone opening a malicious email or clicking a bad link or losing their phone or getting a virus on their work laptop while working at home and bringing it inside your network... the possibilites go on and on
Here’s what you can do it address it:
Train your employees on data security best practices
It’s vital that all employees are trained on security best practices. All it takes is one employee clicking on a malicious link that looks legitimate for your whole business to be compromised. Teaching employees what to watch out for and what basic data security rules to live can greatly reduce the risk of that happening. Work with your IT company to create a training plan for your current employees and make this a part of your new employee training.
Implement policies and technologies to protect you
It’s likely you already have a firewall and password on your computer, but this alone isn’t enough. Putting data security policies and systems in place can go a long way to protect you. What's best for you will depend on your line of business and your users.
Some to consider are:
- Dual-factor authentication: Dual-factor authentication combines something you know (like a password) with something you have (like a phone app or a keyfob). This makes it much harder for an attacker to access your information if your machine is ever lost or stolen.
- Encrypted Email: Encrypting your email ensures that the only person who can read it is the intended recipient. If you’re regularly emailing client data or sensitive information, talk to your IT company about getting this implemented for all employees. If you email this information to people outside your organization (like a client), make sure they can still access the information.
- Data Loss Prevention: Data Loss Prevention is a set of policies to allow organization to monitor email communications for sensitive material. Once turned on, these rules scan all emails to and from an organization looking for information like credit card numbers, SSNs, Taxpayer Identification Numbers, and Passport numbers. Depending on your email service, you should have the ability to decide what to do with a message once an email is deemed out of compliance with your Data Loss Prevention policies – like not sending the message, CC’ing the employee’s manager, or to warn the employee the email may contain sensitive content, etc.
- Outbound Internet Monitoring: Services like OpenDNS can monitor your outbound internet connections. This isn’t so you can spy on your employees – it just makes sure your internet traffic is going where it should, and a not being re-directed to a vicious site or server.
Keep your systems up to date
An old firewall and an antivirus program that hasn't been updated in two years aren't protecting you. Hackers and threats to your data security are constantly evolving – and your protection needs to evolve with it.
Your best option is data security as a service – this treats data security services (like firewall and virus protection) as an always-on, constantly monitored service (generally paid for with a monthly fee) rather than something you do every few years. When looking for a vendor, there are a few things to consider:
- Does it include firewall, antivirus and web security? Email configuration? How often are these updated?
- Are they monitoring your network for suspicious activity?
- Are they checking your outbound internet traffic to make sure your web traffic is going where it should be going and not to a malicious site that’s been made to look legitimate?
Unfortunately, there is never a 100% guarantee when it comes to data security. But having the right systems in place and a well trained workforce will go a long, long way to preventing a data security breach that could bring your business down.