SCORE Small Business Blog

Checklist: How Safe Are You From a Data Breach?

What are the chances of a cyber thief attacking your company? After all, they target big corporations with top-secret proprietary data or millions of credit card numbers, right? Why would they waste time going after a small business with, say, six employees? What’s the point?

The point is: Hackers count on you to think this way. The more you lower your guard, the easier it is to crack your system. It’s like leaving your house with the door wide open and a sign that says: “Come on in.”

Small businesses are often targeted by hackers. More than half (55 percent) have experienced a data breach at some point, and 53 percent report multiple breaches, according to 2013 research by the Ponemon Institute. This means the chances are about even that your company will be a victim at some point — if it hasn’t been already.

How can you help protect your business from a data breach? Take a few minutes to go through this checklist. Then use the items you checked “No” as a guide for what steps you should take.

Yes   No

__    __    My employees and I don’t open links or attachments from unknown sources. Make sure everyone follows this rule, since danger can lurk in every ill-considered click. Keep your team on high alert for phishing, i.e., email messages that seem to come from trusted parties.

__    __    We use strong passwords and change them every three months. Don’t just tell employees to do this — make sure they do. Passwords should include a mix of numbers and uppercase and lowercase letters. Names of significant others and birthdates are generally a bad idea.

__    __    My company has installed anti-virus and anti-spyware software, and we update it regularly. A commercial package is one option. You may also consider using a remote tech support service to review your protections, suggest improvements and help monitor threats.

__    __    Our computers have strong firewall protection. Firewalls are critical for helping filter out potentially harmful web traffic. Installing and configuring firewalls can be a challenge, so don’t leave it to a non-expert. Remote tech support can help with this if you don’t have an IT person on staff.

__    __    Our computers use the latest operating system. Hackers focus on older systems because they’re easier to crack. The newer the system, the better the protection in most cases.

__    __    We encrypt our business data. Make sure your data is encrypted everywhere in the computing chain. This includes hard drives, removable devices and Internet traffic. Encryption software can help with the first two areas, while a virtual private network can help protect web traffic.

__    __    Our Wi-Fi is secure. Leaving your Wi-Fi network unprotected can make it easier for outsiders to sneak on. These tips from the FCC can help you safeguard your network and private information.

__    __    Employees back up their computers regularly. With so many other tasks filling employees’ days, data backup can take low priority. Today’s cloud-based services make it possible to back up files whenever you hit “Enter,” eliminating the need for a manual system.

__    __    We have taken steps to protect our mobile devices. Smartphones, laptops and tablets are often the weak links in a company’s security chain. A mobile device management service can help you keep these gadgets secure, whether they’re owned by you or your employees.

__    __    I advise employees to download with caution. Tell your staff not to download programs from unknown sources. Free software (“shareware”) is especially prone to infection.

__    __    Employees are on the lookout for botnets. If a computer slows down or crashes frequently, it may have become a “zombie” controlled by a remote hacker. If this happens, run anti-bot software to remove infected files and turn to an outside expert if necessary.

__    __    I restrict access to critical files. Only certain employees should have access to your personnel records and anything involving money. Your computing system should allow you to set permissions easily.

__    __    I track my banking activity. Watch your financial accounts carefully. If you bank online, ask your bank to send you an email or text alert whenever activity occurs. You may be able to keep track of your business credit card use the same way.

__    __    Train, train, train. Above all else, make sure you can check this box “Yes.” Many small businesses create online security policies (usually after a hack, unfortunately) that tend to disappear into a server, where they are forgotten. Use this checklist to set a policy of your own and teach it to every new employee. Repeat your training at least once a year.

Tom Hughes, VP of Small Business Product Management, AT&T
Tom leads a team responsible for developing bundled solutions for small/medium businesses, driving IP conversion, & managing AT&T’s Fiber to the Building Program. He has a BS degree in Engineering Mgmt. from Missouri University of Science & Technology and an MBA from St. Louis University.