Data Security Tips for Your Small Business

The cyber-threats being directed toward small business entities are increasing on an exponential scale. The time when small businesses were too meager of a target to get attention from cyber criminals and fraudsters is past. An alarming number of businesses are falling to hackers, phishing events and debilitating ransomware attacks.

The following are a series of steps or tips that you should already be undertaking or putting in place as soon as possible: (DO NOT DELAY IMPLEMENTING THESE!)

1.      Bolster Access Controls – Multi-Factor-Authentication (MFA) and unique passwords are absolutely critical to cyber-security. Absolutely DO NOT use the same password across multiple platforms, websites or applications. Be certain your password is unique, lengthy and uses a mixture of letters, numbers and symbols. Change your passwords regularly. MFA can be an exceptional tool to protect your business. Be sure to utilize MFA so that nobody can log into your secure cyber spaces without double authentication. It would be wise to initiate a policy requiring USB keys or smart cards also. It’s one more level of security that’s very difficult to circumvent.

2.      Encryption, Encryption, Encryption – Even if a hacker were able to gain access to your data storage, they would get nothing without the encryption key. Using a third-party encryption application to make your files unreadable by a cyber criminal is just prudent. If possible, encrypt your files at the source prior to uploading to a secure cloud server. Be very cautious using email and never, never, never transmit a document with sensitive information that is not encrypted. AxCrypt and Cryptomator are good options… and PDF files can be easily encrypted using Adobe Acrobat, FoxIt or other applications.

3.      Backup – A ransomware attack would be easily foiled if you are able to restore all your data from a secure cloud server or another physical backup. Regular backup of all your data is a wise precaution not only against cyber attacks but also from the possibility of an electronic malfunction of some kind. Use a secure cloud service which includes encryption and at the same time use an encrypted “external” hard drive or USB device to backup your data on site.

4.      Multi-layer Barriers – Incorporate a physical firewall into your local systems if your router does not have an integrated one. A private VPN may be of significant value, but be aware that not all systems, applications, programs will allow the use of a private VPN. Use a high-quality anti-virus program that is not “off the shelf” and regularly update your computer software and operating system to stave off the most current threats.

5.      Knowledge is Key – Staff who are not trained to recognize fraudulent emails, messages or other attack vectors will inevitably open a door for the cyber criminals. Regular training and reminders are critical to help all the users be suspicious and careful about clicking on links, downloading documents or other activities that might infect your system with malware, phishing software, malicious code or ransomware attacks.

In conclusion, educating yourself should be very high on your priority list. Imagine for a second what would happen to your business if your system was hacked and all your clients’ information was suddenly up for sale to the highest bidder? What if a ransomware attack encrypted all your data so that you couldn’t access it, and the criminals wanted $50,000 to unlock your data? Do you have cyber coverage insurance? Is your Wi-Fi unencrypted and open to anyone who happened to stroll by your office? Can anyone insert a small USB drive into the back of your receptionist’s computer and get access to all your files? Is your ONT and Router secured in a locked electronics cage? If not, you might be exposed to the rapidly multiplying cyber threats that can utterly tank your business or leave you facing extreme liability for failure to protect your clients’ confidential information.

Curry Andrews, Attorney