4 Effective Data Security Tips for Small Business

Posted June 02, 2016

By Larry Alton

If your small business collects and stores sensitive information, it's absolutely vital that you develop forward-thinking security strategies to prevent data breaches. And by sensitive, we not only mean customer data, we include any business-critical data that your company could not run without. Failure to grasp the importance of data protection will cost you dearly, and the price to recover from a data loss will only get bigger—if you can recover at all; you don't want to be on the wrong side of that equation.

According to the 2015 Ponemon Institute study of companies and the cost of security breaches, the average total cost of an isolated incident has increased by 23 percent over the past two years. Currently, companies spend approximately $3.7 million per incident. That figure should catch every small business owner's attention.

4 Tips to Improve Data Security

Instead of studying why security breaches cost so much and how they affect businesses like yours, let's get right to the point: How can you improve security to prevent cyber-attacks and to protect your sensitive small business data?

1. Create a Data Classification Policy

One of the best things you can do for your business is create a data classification strategy that allows you to control who can share and access company data—and how they do so.

In a blog post, data security vendor Digital Guardian explains data classification as follows:

"The data classification process involves first discovering data, then determining appropriate categories and classification tags, identifying various levels of sensitivity, and outlining policies and procedures that allow employees and others who come in contact with the organization's data to operate within the framework of compliance."

The terms you use will vary, but typically you'll find at least three levels of data classification:

  • Public: This is the least sensitive level. In fact, it's not sensitive at all. This is data that causes little to no risk to the company if it were to be accessed (even by the wrong people). Public data is the type of information you release in fiscal reports, case studies, and sales documents.
  • Private: This category contains mildly sensitive data that could cause some backlash if it were compromised. Access is generally limited to company employees, and you may restrict it further to a particular department or position.
  • Restricted: This is the highest classification, and it refers to data that could cause a tremendous amount of damage if compromised. Access happens on a need-to-know basis only, and it's heavily guarded. Nobody outside of the company should ever have access to this data.

Depending on the types of data you store and your total number of employees, you may have as many as five or 10 different levels of data classification. The key is to restrict critical data from employees and co-workers who have no need for it. Allowing sensitive information into the wrong hands ends one way: badly.
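The three levels above can be written down as an access rule and used to review who can reach what. The sketch below is an added example, not something from the original article: the user names, file names, and the choice to deny access to data that has not been classified yet are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    PUBLIC = 1      # fiscal reports, case studies, sales documents
    PRIVATE = 2     # employees only, optionally one department
    RESTRICTED = 3  # need-to-know only, never outside the company


@dataclass(frozen=True)
class User:
    name: str
    employee: bool
    department: str = ""


@dataclass(frozen=True)
class Asset:
    name: str
    level: Optional[Level]                 # None = not yet classified
    department: str = ""                   # optional narrowing for PRIVATE data
    need_to_know: frozenset = frozenset()  # named users for RESTRICTED data


def can_access(user: User, asset: Asset) -> bool:
    """Return True only if the classification policy allows the access."""
    if asset.level is None:
        return False  # assumption: unclassified data is denied until labelled
    if asset.level is Level.PUBLIC:
        return True
    if not user.employee:
        return False  # PRIVATE and RESTRICTED stay inside the company
    if asset.level is Level.PRIVATE:
        return not asset.department or asset.department == user.department
    return user.name in asset.need_to_know


def audit(users, assets):
    """List every (user, asset) pair the policy permits, for access reviews."""
    return sorted((u.name, a.name) for u in users for a in assets if can_access(u, a))


# Constructed sample data (hypothetical names).
USERS = [User("ana", True, "finance"), User("ben", True, "sales"), User("vendor", False)]
ASSETS = [
    Asset("case-study.pdf", Level.PUBLIC),
    Asset("payroll.xlsx", Level.PRIVATE, department="finance"),
    Asset("customer-cards.db", Level.RESTRICTED, need_to_know=frozenset({"ana"})),
    Asset("old-export.csv", None),
]
```

Calling audit(USERS, ASSETS) returns the full list of permitted pairs, which can be compared against who actually needs each file.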

2. Adopt EMV at Point of Sale

EMV payment technology has been a big topic of conversation for U.S. companies over the past year. October 15 marked the liability shift when businesses that don't accept EMV chip cards can be held liable for fraudulent purchases.

If you process credit cards and have yet to adopt EMV terminals, then it's time to talk with your payment processor about making the change. All it takes is a couple of fraudulent payments to put your business in a tight spot and damage your reputation with customers. It's best to address this now before it becomes a major problem.

3. Use Full Disk Encryption on Devices

Even if your company stores data in the cloud, it's possible that temporary files and other data will occasionally end up on your personal mobile devices or computer hard drives. If that happens, it's imperative to use full disk encryption to protect your business from external threats.

Most new mobile devices and operating systems come with built-in encryption hardware, so check to see how to turn on these features. Older devices will need the appropriate technology installed, or else you'll need to replace them.

4. Increase Password Complexity

Finally, if password complexity isn't a priority for your business, make it one now. In addition to encouraging employees to use complex passwords with different character and number requirements, it's also smart to require regular password resets. This will help your business combat outside threats such as brute force attacks.

Keep Critical or Sensitive Data Safe

Small business owners need to focus more on protecting their critical business data. Cyber-attacks may be at an all-time high, but you also have access to ever better protection and prevention methods. Make sure you use them to the best of your ability.

Larry Alton is an independent business consultant specializing in social media trends, business, and entrepreneurship. Follow him on Twitter.
