Small businesses do everything in their power to keep their workplace from burning down in a fire. Most businesses probably have an emergency plan of escape just in case. But many small- to medium-sized businesses are overlooking a critical component in keeping their businesses secure — they are not protected or prepared for a non-physical, but just as damaging, cybersecurity threat.
The hack of confidential data and unreleased films at Sony Pictures a few months ago was seen and heard around the world. It’s important for businesses of any size to realize that they also possess confidential correspondence and private client data, likely protected by even less security than Sony.
To keep digital information safe, there are five things any small business can do to protect the private data of its organization, employees, and clients.
• Take an honest look at the business.
Cybersecurity is a highly technical field — it’s likely that small businesses aren’t well-versed in current data security practices. Implementing a good security system starts with three simple questions:
Does the business know what it needs to do? Is the business capable of doing what it needs to do? Is the business willing to do what it needs to do?
Business owners and managers may not even know if their company’s data is secure or what tools and practices would help. Various industry regulations have their own standards for adherence. Evaluating current security and compliance levels is the first step toward achieving information security.
• Learn, learn, learn.
Does the company track and monitor all access to client/cardholder data? Does it employ and regularly update anti-virus software? If a small business can’t confidently answer the questions or doesn’t understand what the questions mean, education and awareness will help owners and employees start thinking about cybersecurity.
As the industry expands and data hacks and leaks become more frequent (even for large companies with established information security practices), conferences, certifications and courses are becoming increasingly available across the country, aimed at everyone from security professionals, curious small business owners and private citizens who want to protect themselves.
• Trust only the experts.
Self-education for awareness is extremely helpful for small business owners and employees. However, if the business doesn’t have a system in place, there is no substitute for an industry-specific security and compliance expert to design a data-security plan. The vast amounts of technical skills and specialized compliance experience required to create a legal and effective cyber defense simply can’t be figured out on the fly. If done incorrectly, small businesses leave their company and customer data vulnerable to theft, and they could be on the hook for serious fines.
• Refresh and review often.
Cybersecurity is constantly evolving. From clever new hackers and malware to rapidly-shifting federal and industry regulations, a good information security plan is always growing and adapting. Cybersecurity technology is always improving to protect against discovered threats, but hackers and data thieves are just as quick to find alternate methods. Even with a security system in place, it will become worthless if it’s not updated for the latest challenges and compliance regulations.
• Prepare for anything.
Cybersecurity threats and data compliance regulations across all industries change on a daily basis, so while companies of all sizes hope to protect themselves from any data or security breach, it’s crucial to be prepared. The hack at Sony and social-media breaches at CENTCOM and The New York Post received national news coverage with no warning. Small businesses can also face an emergency in the wake of an unforeseen cybersecurity breach.
For safety and liability, it’s critical small businesses take some time to plan how to handle a new regulation or respond in the event of a data breach.
By evaluating cybersecurity health, pursuing the education and experts to defend data, and constantly watching for new developments and risks, small business owners can provide information security, privacy, and compliance to everyone they serve.
Bruce Parkman is the CEO of MainNerve, a defense-grade cybersecurity company in Colorado Springs. A retired sergeant major and Green Beret, he is a regularly featured guest on Lou Dobbs Tonight (Fox Business Network), discussing cyber trends and threats in the U.S. Contact him via email@example.com.