May 15, 2018

10 Data Security Tips to Help Keep a Small Business Safe


A recent Mantra poll showed that 87% of small business owners think they’re not at risk of experiencing a data breach. But over 60% of small and medium-sized businesses actually experienced a cyber attack, according to Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Business report. Small businesses, in fact, are seen as easy targets because they typically have small data protection budgets and do not emphasize security in staff training.

10 Data Protection Tips for Small Businesses

Increase Security Awareness in the Workplace

Create a culture of security so that everyone, from management to frontline staff, is aware of the importance of information security. Almost 1 in 5 breaches is the result of employee error, according to Verizon's 2018 Data Breach Investigations Report.

Stay Up to Date with Data Security Threats

Stay up to date on the threat landscape and train employees to identify and deal with the most prevalent threats. Phishing and social engineering scams accounted for 48% of cyber attacks against smaller businesses, according to the Ponemon research. There’s also been an increase in ransomware – 52% of respondents experienced a ransomware attack in 2017 compared to just 2% the previous year.

Invest in Secure IT Protection

Keep all operating systems, browsers and other software up to date with the latest protection and set them to update automatically. Strong password protection must be part of ongoing employee training. Turn on two-factor authentication.

Use a Dedicated Server

Experts at smallbiztrends.com say that one of the single biggest mistakes small businesses make is using a shared server to host their files. Switch the business to a dedicated server to reduce the risk of being hacked by an outside party. Use the strongest encryption setting too.

Consistently Back Up Your Files

Create offline – and off-site – backups of important files so that if computers are compromised, there’s still access to the files.

Be Aware of Mobile Device Security

Encrypt data, install security apps, and teach employees secure work habits – for example, never leave mobile devices unattended, and do not download unapproved and possibly malicious apps. 

Adopt EMV to Protect Card Information

If the business has a payment system, adopt EMV (Europay, MasterCard, and Visa). The encrypted payment system uses microchips to protect the information in the card.  

Establish a Secure Wi-Fi Network

Make sure the workplace Wi-Fi network is secure, encrypted, and hidden, and set up a second, public network for customers. Train employees to avoid sending confidential information over public Wi-Fi.

Conduct Background Checks

After cyber crime, inside jobs are the biggest threats to a business. The 2018 Report to the Nations study on occupational fraud and abuse showed that small businesses had the greatest percentage of fraud cases (28%) and suffered the largest median loss ($200,000). Train employees about workplace fraud, and be extra vigilant when it comes to screening employees.

Properly Destroy Confidential Data

Criminals and hackers still use traditional methods of accessing confidential data. Properly dispose of information by having it securely shredded by a professional service provider. The same goes for digital information and old or broken-down hard drives – they must be securely destroyed so that all the information saved on them is destroyed too.

Start Protecting Your Business

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.