
Security 101: How to Protect Your Business’s Data

Simple steps you can take today to ensure the safety of your business.

From 2013 to 2014, Yahoo was breached by hackers and over 3 billion user accounts were compromised. Three billion. The fallout from the security breaches was estimated to have knocked off $350 million from Yahoo’s sale price when it was ultimately acquired by Verizon in 2017.

While most businesses won’t find themselves victims of breaches of similar magnitudes, every single company should still be concerned with information security. Moreover, one Ponemon Institute study shows that, on average, each stolen record containing sensitive information costs $148. The total cost, worldwide, was $3.86 million in 2017, according to that same report. Attacks are more common than you might think. According to Wombat’s 2018 State of the Phish report, more than 76% of organizations surveyed reported phishing attacks in 2017.

Shifting businesses and data models to cloud solutions makes businesses like startups, which usually can’t afford private or dedicated cloud solutions, more prone to things like phishing attacks and malware. This is especially important if your business handles consumer data.

On top of the legal and financial ramifications that come with a data breach, consider the damage your business’s reputation will also take. A data breach is costly, and a smart business owner would take every step possible to ensure that it doesn’t happen.

Here are seven tips to help you get your (security) ducks in a row.

1) Adhere to Basic IT Security Principles

When it comes to IT security, start with the basics. Use complex passwords, don’t open emails from suspicious addresses and don’t open links from sources you don’t recognize. While it may sound basic, even the U.S. Department of Homeland Security talks about the importance of something as simple as using complex passwords.

Hackers will often look for the simplest ways into any system—and they start with these basics first. Firms may invest millions in sophisticated computer systems, outfitted with top-of-the-line antimalware systems. At the same time, the company will have an admin account that uses “123456” as its password. Make sure no one at your company uses any of the following passwords: “123456,” “123456789,” “qwerty,” “111111,” “google.”

2) Train Your Employees (All of Them)

As stated above, a heavy majority of businesses suffer from phishing attacks. These refer to instances when targets are contacted by thieves looking to steal valuable information. These often come in the form of emails, and these hackers can make themselves appear very real to recipients. Employees should all be trained on IT security and coached to never hand out sensitive information to anyone they don’t recognize.

This goes double for senior-level executives. A common form of phishing, referred to as “spear phishing,” involves targeting a high-level employee with a lot of access to sensitive information. Unlike regular phishing attacks, spear phishing can be harder to detect. That’s why it’s crucial your employees are trained on how to detect such attempts.

3) Use Two-Factor Authentication

Don’t settle on just having a single username and password combination. Take it a step further by using two-factor authentication. Users will be tasked with a secondary authentication sequence like confirming an email or inputting a code sent to their phone. This can be used for both employees and consumers.

Know that two-factor authentication isn’t foolproof. Again, training is crucial, and without it, two-factor authentication can fail. For example, an employee might see a request for access in an email and blindly click the link—allowing a fraudster to gain access.

4) Encrypt, Encrypt, Encrypt

Data encryption is key for sensitive information. Encryption simply means changing data into an unreadable state. Take it a step further by having encrypted data and keys on different servers. A startup most likely won’t have an in-house encryption expert, but there are plenty of technology solutions that will encrypt data for you. Companies like IBM will often provide affordable prices backed with the expertise of a large IT company that takes data security seriously.

5) Make Penetration Testing Part of Your Security Routine

Another tool available in the market is penetration testing. Tools that perform these sorts of tests will be able to identify weaknesses and vulnerabilities in your IT security measures. The comprehensiveness of these tests will vary as there are different price points for different companies. We highly recommend that these risk assessments be carried out on a regular basis. Be sure to check industry guidelines, since some industries, like the health-care industry, are required by law to conduct risk assessments on a regular basis.

6) Install Software Updates

Operating on an outdated version of operating software can be dangerous. Don’t ignore software updates when they’re rolled out, since they can contain security patches for vulnerabilities that hackers exploit. The older the system is, the more serious this issue is. For example, it probably won’t be too much of an issue if you miss the latest update for Windows 10, but if you’re still running on Windows 2000, we’d recommend you upgrade immediately.

7) When Possible, Use Cloud Solutions

As a small business or startup, you likely won’t have the capital to construct an entire on-premise IT infrastructure. This is why most businesses house their data and information on cloud solutions. However, we recommend that businesses choose their cloud hosting solutions carefully. Cloud solutions are typically more prone to security breaches than on-premise solutions. This is why we’d recommend going with a cloud solution from a reputable IT company like Amazon, Microsoft, IBM or Salesforce. There are plenty of large IT companies that take data security very seriously and offer enterprise cloud solutions.

If hosting your IT infrastructure on a cloud-based solution isn’t right for your business, and you absolutely need 100% availability at all times with no downtime, you’ll have to utilize on-premise solutions. However, carefully consider the costs of on-premise solutions. Ignoring the space and energy consumption costs, the physical servers themselves can get quite expensive. Servers are typically known to reach upward of $30,000. If you can’t yet afford a serious piece of equipment like that, consider applying for a small-business loan to finance your small business needs.

These security measures might seem overblown to some business owners, but we do stress the importance of them. Protecting your information is crucial to the survival of your business, and when measured against the cost of closure, we’d say these costs are pretty small.
