Sorry, Your Business Will Never Be Safe. But Here's What You Can Do About It.
The digital age has gifted all of us with access to tremendous amounts of information and connectivity, but it also has made us vulnerable. Using personal information to buy online makes your data a potential target for thieves. Storing your company’s sensitive information in the cloud makes it easier for corporate spies to find.
In general, small businesses tend to overestimate how safe they rare. Ask any small to medium-sized business owner how protected his or her information is, and the person will probably reply “sufficiently.” Follow up by asking what the company is actively doing to protect against cybercriminal threats, and the owner probably won’t have an answer.
1. The opposite end of the spectrum
Those aren’t the only business owners out there, though. Some have developed a strong and ever-present fear of an imminent digital breach. That’s not unwarranted, given the statistics that say 50 percent of all businesses have been the victim of some kind of cyber-attack, and the highly publicized breaches of major corporate systems in recent years.
Among these obsessive firms, every potential breach must be identified and prevented, and they spend excessive amounts of money in pursuit of absolute security. But is this the proper response?
2. The illusion of security
Unfortunately, data theft is a reality of the digital age, and there’s no way to avoid it completely. In fact, according to the Web Security Bureau, complete web security is pretty much an illusion. There’s no such thing as “hack proof.”
If a thief wants into your house badly enough, no security system can stop him. The same is true for your digital assets. Consider the following facts.
- Hackers and security systems are two sides of the same coin. Technologies on both sides are developed and improved by the same kind of specialists, who are just people. It’s a cat-and-mouse game, so whenever a new “foolproof” security system arises, it’s usually a matter of weeks or months before it’s broken and the search for a better way starts again.
- Security is never “done.” Securing the digital side of your business isn’t like locking your house or setting an alarm. You’ll never be “done.” One slip -- like falling for a phishing scam or carrying in an infected device on your WiFi network -- can be all it takes to compromise your entire defense.
- Even major corporations have breaches. Even some of the largest corporations, who presumably have the very best IT professionals and even entire teams of cyber security consultants, are vulnerable to data breaches. No one is completely immune.
Feeling scared? That’s understandable, but you don’t have to be.
Related: Create a Back-Up Plan for Your Data
2. The right approach
Modern business security demands action, but overreaction can be just as unwise. You need to find a balance. Arm yourself with the best information you can find, take the measures that are practical without reshuffling your priorities or exhausting your budget, and stay apprised of best practices on a steady basis without getting distracted.
It comes down to this: If they work hard enough, theoretically hackers can get anywhere. If you make it harder for them, however, they’re more likely to move on to a different target or ignore you altogether. Security isn’t about constructing an impenetrable defense -- it’s about making sure you aren’t an easy target.
Here are some simple ways you can do this:
- Pick good passwords, and change them often. Most hackers don’t “hack” in by finding vulnerabilities in your code. They get in by guessing or stealing an employee’s password. Choosing good passwords that have many types of characters and no guessable formats (like dates or keywords related to your business) will increase your security. Rotating those passwords on at least a quarterly basis will help even further.
- Secure your WiFi connection. If left unsecured, your wireless Internet access can easily be infiltrated by a third party, who can then monitor all incoming and outgoing traffic (including emails and sensitive information).
- Inform your employees. Simple schemes are easy ways for hackers to get past your security. A download link or an attachment in a rogue email can be enough to bring down an entire system. Keep your employees informed of these schemes (as well as best practices for passwords).
- Segment your information. Giving all your employees unlimited access to all your data leaves your business extra vulnerable to potential attacks. If you can, try to segment your departments and systems with an eye to limiting the potential impact of a breach in any one particular area.
- Stay up to date. Situations and tools evolve quickly, so keep yourself informed. The Small Business Administration offers some effective tools you can use to keep yourself and your team abreast of best practices.
These web security best practices don’t demand a large in-house team, years of expertise or thousands of dollars to invest. In fact, you can do most of them with the resources and knowledge you have right now.
It doesn’t take much to introduce a base layer of security in your small business -- so why allow your operation to be vulnerable a moment longer?