Don’t think of your business as too small for anyone to notice. Whether you have 10 or 1,000 clients, your customer data is valuable to hackers. SMBs can be affected more severely by security mistakes than larger businesses because of their smaller revenue and staff. If there were a security breach, recovering or recreating data could be expensive, challenging, and time-consuming.
Small companies often have employees who wear several hats, but a layman in charge of security could be a disaster waiting to happen. There are excellent San Diego IT consulting companies that can set up, update, repair and monitor your infrastructure at very affordable rates.
Lack of proper compliance is a common tendency of SMBs. Start out with a strong security mentality and become familiar with PCI, the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA) and other regulations. Having to track down lost data, in the case of an audit, would be no fun at all.
Don’t forget customer credit card protection. All businesses, no matter the size, need to comply with Payment Card Industry (PCI) standards to accept credit card payments. This way, you will be keeping your customers’ information safe and secure.
Don’t be too generous with access to your wireless network. Outsider and staff devices could be infected and, without proper security, could knowingly or unknowingly spread that infection to your network. Work with your IT support company in San Diego to create a separate private network that outsiders can access without exposing your main network.
Don’t overlook storage security. Improper backups and unencrypted cloud storage can really hurt your company. Remember, proper backups and encrypted storage are an SMB’s best protection against attack and loss of data.
Don’t let the casual ambience of a smaller business lead to a lax approach to policies. Password policies are often ignored or non-existent. Have staff change their passwords for critical resources every 90-180 days and don’t allow “weak” passwords. There should be a minimum number of characters and alphanumeric requirements. Also, failure to change key settings upon staff departure is a huge oversight.
Don’t forget rules for BYODs. If an employee’s personal phone, tablet or laptop is lost or stolen, outsiders can gain access to your company IP and customer data. Create an encryption policy, including hard disks and flash drives, and enforce it on your staff.
Don’t skimp on anti-virus software and firewalls. Choosing cheaper anti-virus software in place of higher-end software is a true crime for a small business. You get what you pay for, and it’s important to keep your software updated as well, using the latest version so that security updates work (think of Windows XP, which is now obsolete).
Don’t just delete. Remember, if you’re tossing old equipment, wipe the hard drives (or physically destroy them); deleting files doesn’t make them disappear. You may want to work with a reputable company that can help you with this.
There are multiple issues for an SMB to consider when it comes to security. Take the time to examine your infrastructure and policies. Remedy any weak spots and enforce new rules as soon as possible. A company that fails to set up suitable security procedures may as well send out invitations for a cyber-attack.