by Farokh Karani
High-profile data breaches at major retailers and banks have made data security a top-of-mind concern for organizations of all sizes these days. However, while the big companies garner the biggest news headlines, startups and small businesses—those with typically newer and less hardened security infrastructure and few if any security specialists on staff—often make easier targets.
The downside of not establishing proper data security measures is significant. According to a global analysis by the Ponemon Institute, an average-size data breach will cost companies about $3.5 million. Yet many businesses still don’t prioritize data protection as they should. Data security should no longer be an afterthought, but an essential component of day-to-day strategy, especially for organizations working with sensitive customer data.
Do your company's data security measures measure up? Follow these six essential rules to tighten your small business security.
6 Steps to Stronger Data Protection
1. Establish a Data Security Plan
Start with a plan that outlines actions to be taken during security breach scenarios. Include policies that establish which employees need access to what data, and what the data access rules will be for all employees. The plan should serve as the security rulebook for the entire staff to follow, and it should be strictly enforced. For example, if a rule states that personal devices used by employees must be password protected, do not make exceptions for anyone—even the boss. Finally, the plan must be a “living document” that changes and evolves as your company grows and expands.
2. Educate and Train Your Employees
Educate your employees about security risks, and provide regular training on everything from good password practices and handling unsolicited emails to data backup and alerting IT to potential threats. Make sure your employees always know exactly where to turn if the unusual or unexpected comes up during the course of the digital workday.
3. Establish a Data Storage Policy
Create and follow a company-wide data storage policy outlining what data must be kept, and what data can be deleted. More stored data only increases your security risk, so storing only the data that’s absolutely essential will minimize threats.
4. Embrace the Mobile Workforce
The Internet-connected devices across your network, often called the endpoints, include PCs, laptops, and now increasingly tablets, smartphones and even bar code readers and point-of-sale devices. And while mobile connectivity empowers your team, your data becomes even more vulnerable when it’s on the go. An IBM-Ponemon study reveals that 67 percent of companies allow workers to download non-vetted mobile apps on their devices, which creates a pathway for hackers to steal business data.
Do not allow mobile devices to access your network unless they comply with the company security policies you’ve defined. Also, make sure that mobile threat management is a part of your overall security solution. It will help prevent malware from breaching your mobile devices.
5. Ensure the Highest Levels of Encryption
Strong encryption is essential as soon as you collect and store customer or personal information (e.g. names, social security numbers, email addresses, payment card info, etc.). Data breaches involving this information not only damage your company’s image and reputation, but they also bring heavy penalties and potentially crippling lawsuits.
6. Take a Multi-layered Approach
Most small businesses lack the resources to employ large IT staffs, which makes finding a comprehensive data security solution a vital part of protecting your company. Regardless of the data security vendor you select (and you have many options from which to choose), consider the following tips before you make your final choice.
A good data security solution should include tools that target both internal and external threats, attacks and malicious intent before they strike. Endpoint, server, network and mobile device protection are all critical for your business. Also, look for a technology vendor that provides a multi-layered solution that is simple to install, manage and maintain.
You should be able to easily add new users and devices, make changes and updates in minutes, and manage all of your security tools from a single console. A cloud-based product provides anytime-anywhere access. Do your homework: look for an established vendor, and steer clear of fly-by-night companies that promise too much for too little.
Farokh Karani is the director of North American sales and channels for Quick Heal Technologies, a global IT security solutions provider.