“Business security is important both online and in the real world.”
Just because your business is small doesn’t mean it’s not an attractive target for thieves or hackers.
As a small business owner, you’ve worked hard to grow your company from the ground up. To protect everything you’ve built, it’s important to make sure your digital and physical assets are secure.
This guide will explain:
- The ways in which your small business may be vulnerable
- How to create a culture of safety
- How to protect your digital assets
- How to protect your physical assets
Small business security threats
Is your business vulnerable? In short, yes. Just because your business is small doesn’t mean it’s not an attractive target for thieves or hackers. Data is valuable and, in an increasingly digital world, customer information can be just as attractive as the money in a cash register.
Creating a culture of safety
Taking responsibility for keeping your small business safe should come at every level of your company. In 2017, Keeper Security and the Ponemon Institute surveyed 1,000 small- and medium-sized IT leaders to get an idea of the state of cyber security. 54% of data breaches happened due to a negligent employee or contractor. But, your employees can’t combat an enemy if they don’t know that enemy exists.
To protect your business, educate your employees about data security. Let them know how you rely on them to keep everything from customer data to password protection secure. 47% of respondents to the Better Business Bureau’s 2017 State of Cybersecurity Among Small Businesses in North America listed “employee education” as one of the ways they reduce cybersecurity threats. Hold a yearly meeting to update your employees on your company’s safety and security policies. Reinforce some of the basic principles that will be discussed later in the article, but also make them aware of new threats, most likely in the digital realm, so that they can be diligent about their internet practices.
Ways to protect your digital assets
According to the Keeper Security and the Ponemon Institute, 61% of small businesses experienced a cyber attack in 2017. And of those attacks, 63% targeted customer records. Your reputation with customers is crucial and that trust might never be built again if you lose their data—such as credit card information, home addresses or even social security numbers.
The 2017 State of Cybersecurity Among Small Businesses in North America survey found that 11% of respondents had no cybersecurity measures in place. The two biggest factors identified in the survey for not advancing cybersecurity efforts were lack of resources and lack of expertise and understanding.
Here’s what you can do to ensure a safer cyber environment for your small business:
Secure your server. Make sure there are limited points of entry to protect your company data as well as to keep your customer data safe. Set up firewalls. Keep backups of data offsite in case you’re hacked so you can back up your data and get up and running again quickly. Limit access to your data to only essential people.
Keep emails clean. Emails are your weakest point of digital entry. This is mostly due, usually unwittingly, to your employees. Make sure you have software that scans your email for potentially dangerous links and viruses. Also, make sure your employees are educated on common phishing tactics and other email scams. For example, encourage them to ask about suspicious emails and never to click on links or attachments unless they’re sure they are legitimate.
Password protection. Passwords should not only be complicated but changed frequently by employees to discourage hacking. It also may be beneficial to implement two-factor authentication for very sensitive programs that may have a lot of valuable data. If you or your employees have a hard time remembering passwords, consider using a password management system to discourage using easy passwords.
Anti-virus software. Invest in programs that detect potential threats to your system and eradicate them. These programs may be actual software or cloud-based security systems.
Work with a security company. Many small businesses don’t have a designated IT person on staff. But, even if you do, it could be worth your while to hire a company to stay on top of your anti-virus and cyber-attack protections. Consider security a sound financial investment. That investment will pay off in the long run. The 2017 State of Cybersecurity Among Small Businesses in North America survey found that 17% of respondents named an outside cybersecurity prevention firm as a way they keep their data safe and another 17% listed an internal IT person or security team as a measure to reduce threats.
Stay informed – If you’re not working with an IT person or a security company to head up your cyber protection efforts, you’ll need to make sure you’re keeping your virus protection software and other cyber security components up to date. Threats are constantly evolving and software companies frequently release patches for their software to protect against threats. Do your reading, too. Follow people on social media who write about cyber security so you can stay on top of the latest threats.
Taking responsibility for keeping your small business safe should come at every level of your company.
How to protect your physical assets
Protecting your digital information is a moot point if your brick-and-mortar office spaces or stores are not secure.
Location, location, location. If you’re shopping for a new location for your business, do your homework before you pick an address. Check out the neighborhood crime stats and knock on a few business owner’s doors to ask about safety concerns.
Once you choose a location, familiarize yourself with local law enforcement so that you know each other and you are comfortable working with the department if a problem was to arise. Get to know your neighbors, too, and think about joining local business associations. Having people who will keep an eye on your business when you’re not around, and doing the same for them, is a huge asset.
Comprehensive interview and hiring practices. Maybe it won’t come to running background checks on all the people you hire, but are you calling references? Are you checking their digital footprints? Before you hire, take a look at each candidate’s social media presence and also do a simple Google name search. Also, check as much as you can that the information on each resume is accurate. The Small Business Administration recommends using reference checks, background checks, personal character examinations and police reports during the hiring process.
Limit employee access. If an employee doesn’t need access to documents or records of a sensitive nature, don’t make them available. The same goes for keys—only give copies of keys to the people who absolutely need them. Keep track of who has access to your digital and physical spaces.
Security system. If you don’t think the lock on the door is going to do the trick, invest in a security system. Choose one that notifies the police about potential intruders. Deadbolts and padlocks are some of the best locks. Also consider using timed locks, which means the locks open and close at certain times and all openings are recorded.
Make your physical space unattractive to theft. Small changes to your routine and physical space can make your business an unattractive place for a crime of opportunity. Make regular deposits and don’t keep cash on hand. Install indoor and outdoor lights. Install the most secure and appropriate locks. Secure doors, windows and any other potential entry points. Make sure landscaping, like shrubs and bushes, isn’t blocking your doorways or windows. Whenever anyone walks into your business, you should acknowledge and make eye contact with them so they know they’ve been seen.
Taking just a few precautions to protect your digital and physical business assets can go a long way. You’ve worked hard to build your company’s reputation, so don’t risk losing your clients’ trust with a breach of their information. One of the best things you can do, too, is limit the number of people who have access to your important information and engage your employees in safeguarding your business.
If you find it interesting, you can read:
Reference: keepersecurity, bbb, uschamber