By Larry Alton
If your small business collects and stores sensitive information, it's absolutely vital that you develop forward-thinking security strategies to prevent data breaches. And by sensitive, we mean not only customer data but also any business-critical data that your company could not run without. Failure to grasp the importance of data protection will cost you dearly, and the price to recover from a data loss will only get bigger, if you can recover at all; you don't want to be on the wrong side of that equation.
According to the 2015 Ponemon Institute study of companies and the cost of security breaches, the average total cost of an isolated incident has increased by 23 percent over the past two years. Currently, companies spend approximately $3.7 million per incident. That figure should catch every small business owner's attention.
4 Tips to Improve Data Security
Instead of studying why security breaches cost so much and how they affect businesses like yours, let's get right to the point: How can you improve security to prevent cyber-attacks and to protect your sensitive small business data?
1. Create a Data Classification Policy
One of the best things you can do for your business is create a data classification strategy that allows you to control who can share and access company data—and how they do so.
In a blog post, data security vendor Digital Guardian explains data classification as follows:
"The data classification process involves first discovering data, then determining appropriate categories and classification tags, identifying various levels of sensitivity, and outlining policies and procedures that allow employees and others who come in contact with the organization's data to operate within the framework of compliance."
The terms you use will vary, but typically you'll find at least three levels of data classification:
- Public: This is the least sensitive level. In fact, it's not sensitive at all. This is data that causes little to no risk to the company if it were to be accessed (even by the wrong people). Public data is the type of information you release in fiscal reports, case studies, and sales documents.
- Private: This category contains mildly sensitive data that could cause some backlash if it were compromised. Access is generally limited to company employees, and you may restrict it further to a particular department or position.
- Restricted: This is the highest classification, and it refers to data that could cause a tremendous amount of damage if compromised. Access happens on a need-to-know basis only, and it's heavily guarded. Nobody outside of the company should ever have access to this data.
Depending on the types of data you store and your total number of employees, you may have as many as five or 10 different levels of data classification. The key is to restrict critical data from employees and co-workers who have no need for it. Allowing sensitive information into the wrong hands ends one way: badly.
2. Adopt EMV at Point of Sale
EMV payment technology has been a big topic of conversation for U.S. companies over the past year. October 15 marked the liability shift when businesses that don't accept EMV chip cards can be held liable for fraudulent purchases.
If you process credit cards and have yet to adopt EMV terminals, then it's time to talk with your payment processor about making the change. All it takes is a couple of fraudulent payments to put your business in a tight spot and damage your reputation with customers. It's best to address this now before it becomes a major problem.
3. Use Full Disk Encryption on Devices
Even if your company stores data in the cloud, it's possible that temporary files and other data will occasionally end up on your personal mobile devices or computer hard drives. If that happens, it's imperative to use full disk encryption to protect your business from external threats.
Most new mobile devices and operating systems come with built-in encryption hardware, so check to see how to turn on these features. Older devices will need the appropriate technology installed, or else you'll need to replace them.
4. Increase Password Complexity
Finally, if password complexity isn't a priority for your business, make it one now. In addition to encouraging employees to use complex passwords with different character and number requirements, it's also smart to require regular password resets. This will help your business combat outside threats such as brute force attacks.
Keep Critical or Sensitive Data Safe
Small business owners need to focus more on protecting their critical business data. Cyber-attacks may be at an all-time high, but you also have access to ever better protection and prevention methods. Make sure you use them to the best of your ability.
Larry Alton is an independent business consultant specializing in social media trends, business, and entrepreneurship. Follow him on Twitter.