IT security is often seen as an issue that primarily affects large businesses. The well-publicized security breaches at corporations like CVS and Target were likely due to the fact that these businesses keep personal information on millions of customers. However, smaller businesses are now being targeted with greater frequency, according to a 2015 study in Tech World. This study shows that small businesses accounted for 18 percent of the reported breaches in the first half of 2015. Common methods of keeping small businesses secure include best practices for mobile devices, passwords and payment cards.
The use of passwords that are easy to guess is a common mistake for many small businesses. Users should also be required to change their passwords at regular intervals, typically at least once every six months. Business owners should consider implementing a multi-factor authentication system that requires the user to provide more than just a password to login to a computer, especially if it contains particularly sensitive data. Many cyber security companies offer software with this type of authentication.
The proliferation of mobile devices in the workplace has created significant security issues, even for small businesses. They can hold large amounts of confidential information, so all businesses should implement reporting procedures for lost or stolen mobile devices. Mobile users should be required to use logins for their devices and encrypt their data. Specialized apps can also prevent hackers from obtain information from mobile devices while they’re connected to a public network.
Large businesses routinely control physical access to their facilities, but this aspect of security is often neglected by smaller businesses. Portable devices such as laptops and tablets should be kept in locked rooms when not in use. Each employee should have a separate account so that administrators can determine who did what on these devices. Only the most trusted IT staff should have administrative privileges for portable devices.
Payment cards pose a major security risk due to their financial value. Businesses should only use financial institutions and processors that implement trusted, validated tools to prevent payment card fraud. Payment systems should also be isolated from less secure systems. For example, computers that process payments shouldn’t be used to surf the internet.
All data should be backed up regularly, but critical data needs to be backed up more frequently. The most important data for small businesses typically includes accounts receivable/payable, human resource files and intellectual property. Businesses should perform backups automatically at least once per week and store it in an offsite location such as a cloud platform.
CSCI provides IT security for small businesses in the San Diego area that protects them from hackers, spam and viruses. Our enterprise-level security system includes Unified Threat Management (UTM) on a cloud-based platform, which allows you to defend your business from threats as they occur without the need for updates or plugins. Contact us today to find out how we can help you with your cyber security needs.