9 Things You Can Do For Your SMB To Avoid A Data Breach
Data is at the root of every decision. Whether in your personal or professional life, nothing remains untouched. For example, when investing you tend to look at how your previous investments have fared, what the rising trends in the market are and how much you are safely willing to invest at any time. All this is data which you gather for personal gain. Similarly, business decisions are driven by data. In business, the data collected is wide and varied. It ranges from customer information to company financials, inter-departmental communication and so on. In all, data collection is mandatory, and so keeping it secure is of prime importance.
What is a Data Breach?
A data breach is a confirmed security incident in which sensitive and protected data is accessed in an unauthorised or illegal manner. It usually occurs through hacking, Trojan programs and stolen login credentials. Data is mostly stored in the “Cloud”, so a data breach can happen remotely. An attacker no longer needs physical access to a computer on the business premises.
Can a Data Breach Be Prevented?
To a very large extent, a data breach can be prevented. That does not mean, however, that a data breach can never happen. Anything stored over the internet is as safe as the user’s practices and the firewalls and other protection set in place by the service provider. This means the safety of your data comes down to the processes your staff are taught. The rule of thumb is that your data is only as safe as the precautions you take.
9 Ways to Avoid a Data Breach
A data breach is every small and medium business’s nightmare. In fact, this holds true for well-established ones as well. A data breach puts your very reputation on the line. Below is a list of 9 things you can do for your SMB to avoid a data breach.
1. Always Use Two-Step Authentication – A single-step sign-in is relatively easy to break. The level of difficulty increases with a two-step authentication procedure. Most email service providers now use this. Employing the same method for your business will decrease the chances of a data breach.
2. Data Needs to be Encrypted – Business owners often overlook the importance of encrypting data. They send and receive emails containing sensitive information without encrypting them. Hackers intercept these unencrypted emails to steal valuable information. All data stored online should ideally be encoded so that it makes no sense to others. Only people who need it for further analysis and processing should know how to decrypt it. As a business owner, you can make data encryption mandatory for data in “transit” as well as data at “rest”.
3. Use a Secure Browser – Almost all businesses are online. As part of their daily work, employees may have to browse the internet multiple times a day. Ensure that the browser they use is safe and secure. Also, make sure that the sites they access have SSL certificates. Do not allow them to access unsecured sites. For this, you can configure your company browser so that it refuses to open an insecure site. An updated browser version will also help in minimising data theft.
4. Secure Routers – In order to access the internet nowadays, a router is a must. It sends packets of information from various networks to the computer. Your business router should have a nondescript SSID (Service Set Identifier) and be password protected. The password should not be as predictable as your company name or the business owner’s name. It needs to be strong and hard to break. Unsecured or poorly secured routers are relatively easy to break into, which lets an intruder steal sensitive company data.
5. Educate Employees – Lack of awareness is one of the prime reasons behind data breaches. Employees are often not aware of simple things like the importance of regularly changing passwords, locking their workstations when away from them, reporting suspicious activity and links, not sharing login details and so on. These mistakes look very small but are among the biggest culprits behind the increasing number of data breaches. The biggest security risk to your business sits between the keyboards and chairs in your office.
6. Destroy Before Disposing – Every office has some sort of paperwork trail or digital data. Sometimes it’s scribbled notes, other times hard copies or contracts, old documents or correspondence. Many times we don’t realise that these papers contain confidential information like client details, financial information, trade secrets, phone numbers, email IDs, contract details and communications.
None of this information should be passed around to others. Similarly, hard disks store data until they are wiped clean. It should be made mandatory to destroy all information classified as sensitive and not for distribution prior to disposal. Only once the said data is erased or wiped clean can the asset, device or paper actually be disposed of. We have had clients who have opted to turn their old computer towers into underwater obstacles in their pool or pond setups to ensure that after a software wipe they were not going to get the data.
7. Backup Data – It is better to be safe than sorry. As technology advances, it becomes more complicated and can give backdoor entry to anyone who has enough time and drive to exploit it. Ensure you create secure backups of all your relevant data. This could be in the form of data stored on hard drives or physical documents kept under lock and key. Where possible, add a layer of encryption.
8. Update Software Regularly – Keeping software updated is one of the easiest ways to minimise data breaches. Software updates improve the performance of the existing software or fix issues in it. Bug fixes help ensure that your security is tighter and your compliance sound. Antivirus updates will help counter the effects of any new virus and malware. Updating software regularly will keep you abreast of all the good changes that happen in technology to make your business’s online presence more secure.
9. Disable Old Accounts – Attrition is a part of business. People retire and make way for new staff, and sometimes it is the lure of better opportunities that becomes too hard to resist. Whatever the reason, people come and go. When they leave the organisation, it is time to freeze their access codes and disable them completely.
This can be achieved by deleting the accounts of these people in the company’s records so that nobody is able to use their login details maliciously. If your infrastructure is set up correctly, this should take your IT team only a couple of minutes.
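One way to check item 9 in practice, given here as an added example and not code from the original article: reconcile the HR leavers list against an export of directory accounts and flag any that are still enabled. The CSV column names, usernames and dates are constructed assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR leavers list and a directory account export.
LEAVERS_CSV = """username,last_day
asmith,2024-03-29
bjones,2024-05-10
cnguyen,2024-06-14
"""

ACCOUNTS_CSV = """username,enabled,last_login
asmith,true,2024-06-02
bjones,false,2024-05-09
CNguyen,true,2024-06-13
dpatel,true,2024-06-20
"""


def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def find_lingering_accounts(leavers_csv, accounts_csv, today):
    """Return still-enabled accounts that belong to staff who have left."""
    # Usernames are compared case-insensitively; exports often differ in case.
    last_day = {r["username"].strip().lower(): date.fromisoformat(r["last_day"])
                for r in _rows(leavers_csv)}
    findings = []
    for acct in _rows(accounts_csv):
        user = acct["username"].strip().lower()
        if user not in last_day or acct["enabled"].strip().lower() != "true":
            continue  # current employee, or account already disabled
        left = last_day[user]
        if left >= today:
            continue  # has not actually left yet
        login = acct["last_login"].strip()
        used_after = bool(login) and date.fromisoformat(login) > left
        findings.append({
            "username": user,
            "days_since_departure": (today - left).days,
            "used_after_departure": used_after,  # investigate, not just disable
        })
    # Accounts used after departure first, then the longest-lingering ones.
    findings.sort(key=lambda f: (not f["used_after_departure"],
                                 -f["days_since_departure"]))
    return findings


if __name__ == "__main__":
    for f in find_lingering_accounts(LEAVERS_CSV, ACCOUNTS_CSV, date(2024, 6, 21)):
        print(f)
```

An account flagged with `used_after_departure` warrants a review of what it accessed, in addition to being disabled.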
Food for Thought
In the end, no business, big or small, is completely safe. Business means risk, but what we forget is that it means “calculated risk” and not foolish risk. If you look at it objectively, data breaches occur because a few everyday necessities get overlooked, time and again. All that is required is a little presence of mind and some preventative maintenance, and you will dodge most data breach incidents.