March 26, 2015

Small Business Security: Simple Safeguards Make A Difference

With malicious online incidents so often in the news, it’s easy to forget that some data breaches are caused by slip-ups in the workplace; forgetting to back up data, using unsecured recycling bins and not having rules regarding proper document management when working remotely.

For a small business with a limited security budget, that should be both a concern and a relief. While the risk of a small business data breach remains high, there are simple and effective safeguards that can be put in place.

Unfortunately, information thieves steal an estimated $1 billion every year from small and medium-sized businesses in the U.S. and Europe, according to an article at Mashable.

While the Fourth Annual Shred-it Security Tracker shows that 40% of small business owners still do not think lost or stolen data would seriously impact their business, in fact, 72% of smaller businesses that suffer major data loss go out of business within two years. 

The Security Tracker also shows that less than half of small business owners have a protocol for storing and disposing confidential information. The rest have either a protocol that employees are not aware of (13%), have no protocol at all (31%) or don’t know if they have such a protocol (9%).

Improving information security has to be a major priority for organizations of all sizes in 2015, states Fraud Prevention Month information. March is Fraud Prevention Month in Canada.

Small Business CEO and other industry sources provide these simple best practices:

  • On-Going Training. All employees need to understand why security policies and procedures are in place and exactly how to follow them. Security awareness training can be as simple as regular staff meetings where employees are updated about information security and taught the safest ways to share critical information online and handle confidential information outside of the office.
  • Secure Mobile Data. According to an article on Business News Daily, while nearly all small businesses have cybersecurity systems installed on their company’s desktop and laptop computers, only 60% have the same protection on their tablets and smartphones. One easy step to secure mobile data is to encrypt BYOD (Bring Your Own Device) devices with password protection. Use other tools to block malware and detect cyber-attacks.
  • Response Plan. Everyone needs to know what to do if a data breach occurs. Here is an example of a free Security Breach Response Plan from the International Association of Privacy Professionals.
  • Sweat the small stuff. According to Shred-it’s Small Actions for Big Wins data security checklist there are many commonly overlooked information security practices. For example, a business should provide lockable cabinets for confidential documents, employees should regularly change their passwords, and there should be document management procedures for storage and disposal.

Small businesses can reduce the risk of printed information falling into the wrong hands with these document destruction protocols.