by Jim Martin
Your computer database is one of your most valuable assets. It contains your financial records, your personnel records, your customer records and (quite often) all your business secrets, including all your intellectual property. Given that, protecting your database must be (but seldom is) your most important job. If you accomplish all other key tasks but find your data stolen, your business will be hard pressed to survive. Consider the following key steps in cybersecurity.
First, protect yourself from viruses, spyware, and other malicious programs. Ensure that all your computers are equipped with antivirus software and anti-spyware. Update these programs regularly. A variety of protective software is readily available online. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. They also monitor the net looking for new viruses and other malware. Several magazines test and rate protective software annually. Read several of those ratings before you make a selection. Trust the reviews more than advertising claims. Whatever program you select, ensure that its updates automatically download to your computer. For this reason, subscription is often preferable to outright purchase.
Second, secure your networks. Safeguard your Internet connection with a firewall and by encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. Allow several levels of access, with only the top level (network administrator) able to make network changes. If your security software provides a firewall, ensure that it is optimized for a network.
Third, make security practices and policies a key element of employee awareness. Clearly define how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating cybersecurity policies. Educate each employee about online threats and how to protect your business’ data. Focus particularly on the threats posed by social networking sites. Internet-active employees might inadvertently inform competitors of sensitive details of your internal business. Inform employees how to post online without revealing any trade secrets to the public or to competitors. Hold employees accountable for Internet security policies and procedures. Part of this security should include limiting access to computers to only those employees whose jobs require use of the computers. Only key IT personnel should have network administrator access.
Fourth, teach employees to use strong passwords and to change them frequently. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with vendors who handle sensitive data, especially financial institutions, to see if they offer multi-factor authentication for your account. Strong passwords should have a minimum of eight characters with at least one capital letter, one lowercase letter, one number and one symbol (the top row of the keyboard). The additional information should be chosen by each employee and known only to the one who selected it.
Fifth, ensure you are properly handling debit and credit cards. Work with your banks or card processors to install the most trusted and validated tools and anti-fraud services. Separate customer payment systems from other programs. Do not allow any computer used to process payments to be used for Internet surfing. Expedite your shift from magnetic-strip payment cards to safer, more secure chip card technology, also known as “EMV.” October 1st is the deadline set by major credit card issuers for compliance. Visit SBA.gov/EMV for more information and resources.
Sixth, properly protect your web pages. You need to protect not only sign-on pages and home pages, but every page to which an employee or customer has access (particularly where there is off-site access). While it is rare, unscrupulous competitors (or disgruntled ex-employees) can do serious damage to your business image (and to some data) through unauthorized access to your web page.
Seventh, back up all business data and information. You don’t have to do this on your own. There are cloud-based services available. But don’t just buy one. Do your research. Ask about their security levels (including depth of encryption), the frequency with which they capture your data, how tightly access by your employees is controlled, access by outsiders, and so on. Regularly back up the data on all computers. Critical data includes all company communications (including drafts), financial information, databases (particularly production and technical data), human resources files, and accounts receivable/payable files. The more frequent the backup rate, the more secure you will be. If you use physical storage for backup, use a separate storage device which cannot be accessed by anyone other than your security administrator. Writing to the device should be automatic and outside the control of those using individual network stations.
Lastly, back up what you do with an action plan, and make sure it includes mobile devices. Mobile devices can be your greatest security risk, especially if they store confidential information or have access to the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
None of these steps is difficult if you have the proper technical support. If you don’t have an IT expert on staff, it is worthwhile to hire one (but again, do your research!!). Protect your data. You will protect your business, your income, your future and perhaps even your sanity.