When it comes to security for small business owners, it’s not a matter of if, but rather when your information will be compromised. Malicious hackers have been on the rise, with major companies and small business owners trying to keep up via software patches, new methods of acquiring and storing customer data, and utilizing cloud computing. Losing customer data typically spells death – the moment that a customer is informed that sensitive information like tax records, contracts, confidential data, and contact records are published, then your small business will be smeared and will never be able to recover.
Cybersecurity goes beyond malicious hackers – even natural disasters can wreak havoc on data centers. An eight-person law firm in Miami was decimated by Hurricane Ike in 2008 and was forced to close its doors after decades of business. Everything that they owned was destroyed – and the frustrating part is that with a bit of a proactive approach, the small business could have survived the natural disaster. Fortunately, we have reached a plateau where data recovery and the advent of cloud computing has augmented cybersecurity. Now companies are much wearier and have put capital in the security of sensitive records.
Continuing Business Continuity in the Face of Disaster
Many small businesses are lackadaisical when it comes to securing their data and maintaining business continuity. Here are some misconceptions and even myths surrounding data security that are much too common for some small business owners.
Mistake 1: my data is secure since it’s backed up on the premise. Many small business owners believe just because their data is backed up in the actual brick-and-mortar store that they run, that customer information will be secure from prying eyes. However, all you have done is put all of your eggs in one basket – and make it easier for anyone to swipe one right from under your nose.
Just because your premises are secured, doesn’t mean that customer records are safe from threats. You can help improve security by securing sensitive data with a trusted third-party. Data acquired in an off-premise data center will not only offer layered protection, but it’s a scalable option. And just because the data is off the premise, it doesn’t mean that it is not accessible. With the proper authorization, a designated employee can still access information on the whim with a device that is connected to the business intranet.
Mistake 2. I have the greatest and the latest PC – so I’m protected from security issues. Even though you might have the latest hardware, that doesn’t guarantee that it comes with the newest software. Yes, many computers come with their native firewall and virus protection features that guard against common business threats. However, as a business owner, you are going to experience a different level of malicious hacking via keylogging and spyware that the average consumer will typically not have to experience. PCs should have the latest software firewalls enabled to monitor incoming and outgoing information. But instead of just focusing on the PC, the business intranet and its routers should also have a layer of security protection. This way if a computer is compromised for some reason, the Internet router already has a layer of protection to fall back upon.
Mistake 3. I’ve installed new security protections in the past couple of years, so I’m good. Over 6000 computer viruses are being released every month – your outdated software is not cutting it. Many of the free trials that come with a new laptop or computer are mostly inadequate, especially for the small business community the need tools that are more robust. Not only that, but so many small business owners are busy with other aspects of their business, that they sometimes do not notice when the free trial of their antivirus software has expired, with the computer now susceptible to prying eyes. It’s better to uninstall these programs and install a robust antivirus and anti-spyware program. Many business level software come at a bundle that is attached with IT services that not only secure files, but also secures desktop applications from malicious actions.
Update Your Browser And Operating System
Most major operating systems and reputable browsers understand that there is a slew of viruses and phishing attempts, with security patches being released on a regular basis to help circumvent it. Small businesses can quickly be taken advantage of due to the lack of security on the operating systems and browsers. But these security threats can easily be thwarted with automatic security patch updates that will protect your machine, software, and sensitive information from hackers. One of the benefits of security updates is that they are largely automatic in the settings. That means that you can focus on other aspects of your business and allow the operating system and browser to update itself on regular intervals without your intervention.
Internal Security Issues
While the majority of the security attacks come from outside sources, it’s also important to factor in internal factors that might compromise data. As an organization’s operational boundaries expand and adopt handheld wireless devices including mobiles, phones, and tablets, it’s important to understand that these devices offer a layer of convenience, but they can also be an access point for malicious intent. Internal sources like employees, dealers, and partners may gain authorized or even unauthorized access to an organization’s network or data storage. Failure to address and manage these threats only risks valuable assets and your organization’s reputation. Here are potential areas of internal security breaches that small business owners and organizations need to conceptualize to address effectively.
Portable devices. Portable devices include handhelds as well as hard drives that are used by an employee with access to a workstation or service. In most cases, these devices are not documented or even registered as part of the internal infrastructure. As a result, there is a risk of unwanted uploads and downloads of data. These mobile devices may be secure, but the person accessing the information may not be following protocol, especially if they’re using the device off-site. Another person can obtain the device and use it for suspicious activity.
The majority of antivirus vendors offer software patches for the users over the Internet on a regular basis. If the software isn’t kept up-to-date, then information stored on the network or even hard drives can be compromised by a virus or malware.
It’s also important to be wary of wireless connectivity in public spaces such as airports, hotels, and fast food establishments. Even though the Internet access is convenient, it’s open to anyone and should not be used for actual business transactions. Not only that, but there is also a chance of the establishment recording any data that communicates with its Internet.
Email attachments are one of the easiest ways that phishing attempts are enacted. The phishing attempts look like an authentic email, but attempts to get the victim’s sensitive information when you click on a link. This is why it’s particularly challenging to pinpoint phishing attempts. To help stop these attempts, use antivirus and anti-spyware software that also scans incoming and outgoing emails. The software will scan executable files that can compromise the workstation.
Peer to peer file sharing involves opening communication ports between download and upload streams to a single workstation. These ports are notorious for sending viruses and spyware, decimating unsecured computers.
Do not forget the disgruntled employee. Sometimes employers that have been fired or removed from their stations will rebel and compromise information. This is particularly true if these are individuals who have authorized access to personal data. Whether out of spite or revenge, it’s essential that you enact proper security protocols immediately before firing an employee to stop them from any wrongdoing.
System administrators are responsible for implementing and maintaining data security measures to mitigate risks. However, a poorly trained IT personnel can unintentionally create security threats due to a lack of knowledge. If you are going to utilize an IT personnel, it’s important that they have the proper certification to ensure that they are up-to-date with the latest procedures for managing sensitive information.
In our experience, the majority of these issues are remediated with the help of the New York Nerds. The New York Nerds has been founded in 1994 and has been providing superior computer repairs and support in the tri-state area.