Small businesses are just as much at risk for a major data breach. But for SMBs, a data breach is not only newsworthy, it’s costly. The average recovery cost from an SMB data breach ranges from $36,000 to $50,000, according to Security Magazine.
The best way to protect your business from a data breach is proper planning and frequent testing.
How to Protect Your SMB from Data Breaches
1) Train your employees
Your employees are the cornerstone of your data security plan. Protecting your technology is important (we’ll get to that), but human error is to blame for most data breaches.
Train your employees to help protect sensitive data by:
- Creating awareness of what Personally Identifiable Information (PII) your company stores.
- PII includes social security numbers, credit card information, driver’s license numbers, etc.
- Let employees know you might have this information for clients, current employees, former employees, spouses, dependents, vendors, and more. Sharing the magnitude of the data will make it more clear why it is so important to protect the data.
- Do not store unnecessary PII, send PII in emails or post PII on social media
- Educate employees on how to identify phishing emails and websites
- Practice password security
- Create strong passwords and store them securely.
- Do not share passwords with anyone
- Do not re-use passwords across different websites
- Learn risks of using their personal devices with company data
- Assigning employees personal laptops and phones might improve work functionality, but it also opens your business up to security risks. Educate employees on the risks of using their personal devices to send or store company data.
2) Put employees to the security test
Security education and training is of no use if your employees forget their training or don’t implement best practices.
Testing the security savvy of your staff regularly can give you peace of mind your employees are keeping technology safe.
- Quiz people in your organization on their security knowledge and insist on passing grades.
- Perform regular security drills and inspections to ensure people are following security rules
- Simulate phishing email attacks to measure how your employees respond
- Follow up with employees that click on a phishing email to give them more training
3) Protect your network
After your employees, the ensuring the security of your network is critical component in protecting yourself from a data breach.
Work with your Managed IT Services provider to protect your network with encrypted communication, VPNs, firewalls, vulnerability scans, penetration testing, and more.
Cleaning up attacks from hackers, malware, and viruses is almost always more costly than preventative maintenance.
4) Secure your devices
Giving employees company-issued phones and laptops can help them work more efficiently no matter where they are. But they also put your systems at risk when employees aren’t on your internal network.
Secure your smartphones, USB drives, tablets, and laptops through identification, tracking, and encryption.
Securing devices is especially important if employees can take their devices on the road.
5) Secure physical space
Implementing safety measures to secure your physical office space protects your devices and data. It protects against opportunist thieves and also from employee theft.
Secure your physical space by tracking and logging visitors and limiting access with locked doors.
6) Create clear policies for disposal of data and devices
Policies for the appropriate disposal of physical and electronic data will make sure sensitive information isn’t left by the wayside.
Create clear and concise written policies on the use and disposal of sensitive data.
For example, any sensitive paper records should be shredded. Before any device is disposed of, disk drives should be wiped clean.
Also include proper procedure if a device is lost.
Incorporate these policies into your employee training and test them regularly.
7) Inventory your data locations
We access a huge amount of data on a regular basis. Data on our servers, data in the cloud, data in our filing cabinets, and sometimes even on sticky notes and laptops. For this reason, it is important to locate, understand, and limit where your sensitive data resides.
Developing clear policies for the storage and access of sensitive data will help keep this uniform across the company.
8) Limit vendor and visitor network access
Set up a separate internet or wifi connection for guests. Only permit guests to access a restricted internet connection in your office that cannot access your servers, cloud resources, or other sensitive information. Be aware of what’s visible to vendors’ computers if they have remote access to your resources.
Preventing Small Business Data Breaches Requires Constant Attention
Talk to your managed service provider about what steps you can take to keep your systems secure and your team educated.