Cybersecurity: 5 Risks Small Businesses Need to Understand
Why would anyone want to steal your company’s data? Security expert and CEO of Kalki Consulting Vikas Bhatia says, “Every small business has, or is connected to others that have data worth stealing.”
You may have read stories about a disgruntled employee trying to cause havoc, but Bhatia believes almost all cybercrime is financially motivated.
In order to better protect yourself and your business from the chaos of a cybersecurity breach, let’s examine five of the top cybersecurity risks for small businesses.
Don’t Put Your Head in the Sand – Get an Assessment of Your Risks
Maybe you’ve “got a guy” (or gal) who helps you with your IT issues. They may be truly competent and helpful, but don’t assume that they are pros at security. They may have a basic knowledge, but Bhatia stresses, “IT pros and security pros are two different types of people.”
But what is the real value of an IT assessment? Bhatia says, “Without an independent lens to view cyber threats through, your security could be compromised.”
This sentiment is echoed by Tia Ung, president of Root Port LLC, a company that provides full IT support. Ung says, “Devastating security threats can end businesses. An IT security assessment helps you avoid becoming the next victim.”
Protect PII – Keep Personal Data Personal
If you don’t know what PII is, I can assure you that your company has some (or a lot!) of it: personally identifiable information (PII) sits in customer databases and similar records. Home phone numbers, cell phone numbers, email addresses, and home addresses are all PII.
Then, of course, if you pay any employees or contractors, you probably have access to their social security numbers and possibly their bank accounts.
In the normal course of doing business, and most often with no bad intent, Bhatia points out, “People and employees will try to send, share, and distribute your data.” Therefore, it’s important that everyone who has access to your company’s data knows what they can – and can’t – do with PII data.
Catherine Morgan is a business consultant who has worked for global consultancies. Morgan recommends small businesses follow the lead of larger organizations on protecting PII saying, “Make information and training available and required for all employees and contractors. Do not assume they have this knowledge. Include information about your company’s policies and procedures regarding access to and storing of PII as part of your onboarding process.”
Give Skimmers the Slip – Keep an Eye Out for Wandering Eyes
If you have a retail presence and take credit cards, you need to ensure that your equipment is safe from anyone who might try to tamper with it to gain access to data contained on a credit card’s magnetic strip, or utilize a hidden camera to take a picture of a card or watch someone entering their PIN.
You most likely already refrain from using the fishy-looking ATM in a random location, but you should also be on the lookout for these types of card-skimming activities, which could go on in your own place of business.
Maintain Customer Trust – Vet Your Vendors
Your customers trust you to keep their information safe. You trust your vendors to keep your information safe. But do you actually know what protections and safeguards your vendors have in place to do this? Did you think to ask?
Most of us know to look for the green bar and the lock icon when we go to websites that require our personal data. Secure Sockets Layer (SSL), backed by an SSL certificate, is a standard protocol for ecommerce sites.
What you may not know is that encryption is not the only way to transfer data safely. There is also tokenization.
Which does your vendor use? Depending on the type of business you have, you may want to know.
Keep Your Systems Clean – Practice Good Cyber Hygiene
The Center for Internet Security (CIS) and the National Governors Association Governors Homeland Security Advisors Council have launched the Cyber Hygiene Campaign. You might want to take a look at their toolkits. They have tried to keep them simple so that most organizations can use them.
Sarah Isaacs, CEO of Conventus Corporation, recommended these toolkits as a starting point and added, “Security tools should never be configured to ‘set it and forget it.’ Implementing automation (backups, updates and patches) however, to assist with the workload is a first step: unpatched vulnerabilities are one of the easiest doors into your organization. Don’t forget to automate the patching and updating on your mobile devices, too!”
Perhaps in the past, you have left security decisions to your service providers? Freelance IT project manager Matthew Fox says, “Oftentimes service providers do what you tell them to and not what is secure. Have a conversation with them, or a trusted advisor, to improve your security and reduce your risk.”
Ignorance isn’t bliss when it comes to cybersecurity. In fact, ignorance of your risks and best practices to potentially mitigate these risks can be very expensive for you and your business.