In today’s Business climate there are many ways businesses face risks. Some businesses are in industries where they take risks just by being open for business. Take a roofing company for example. They have employees who climb on top of a house on a daily basis. That is a pretty big risk. Other businesses face risks in other ways like hiring and firing employees, generating enough revenue and becoming victim to a data breach. Data breaches are one of the most dangerous risks that many businesses fail to protect themselves from. It does not matter the size nor the scope of your business, hackers are targeting you.
Two of the largest data breaches in history show the seriousness small businesses should take when considering their risk of being a victim of a data breach. Those two data breaches were Target and Home Depot and both of those breaches were accessed by first hacking into a smaller company. In Targets’ case, the business was Fazio Mechanical Services, an HVAC company hired to work on the heating and cooling systems at just a few Target locations around the Pittsburgh area. In the case of Home Depot, the third party company provided credit and debit card processing. Both of these companies had been exposed for weeks if not months prior to the hackers accessing the system of the larger company. If your business partners with any larger companies than you are a prime target for hackers who want access to those larger databases.
Even if you do not work with any larger business you are still at risk of being a target for hackers. These hackers can still use the information of your customers. This is a costly risk that your business may take if you do not properly insure or take the proper precautions to protect your business. According to the Ponemon Institute it costs a business on average $174 per record. Considering these numbers, it would cost your business more than $17,000 if you lost the records of just 100 customers. If that were 1,000 records it would cost $174,000. If that is not a cost your business can withstand then you need to be taking the proper steps to prevent this from happening to your business.
Here are four simple things your business can do to prevent a data breach.
Train your employees
The prevention of data breaches starts with your new hire training. If an employee uses a computer, they need to be trained about how to properly protect the device from hackers. Never assume anything. Many employees may be very capable of doing their job, this does not mean they are computer savvy. This does not mean they are properly trained to protect your business from hackers. Just a little bit of time and effort can properly prepare your employees to defend your business against hackers.
Help employees protect their work space
Logging out and locking up a work space is crucial for all employees. Even in the case of an employee just stepping away to the restroom, it is crucial to always lock up their devices. In most office settings, there are customers, vendors and other employees who potentially could gain access to a computer. On top of locking down all devices, it is also important to not write down passwords on a Post-it note or some other piece of paper. It may be rare, but if these passwords fall into the wrong hands it can cost your business immensely. Not all data breaches occur electronically. Many happen because of something as simple as a piece of paper with a password falling into the wrong hands.
Purchase adequate Data Breach Insurance
If you are in business long enough some type of accident is going to occur. It is not a matter of if, but when. That is no different in the case of a data breach. Most small businesses can have data breach insurance bundled with their other insurance for a relatively small amount. Depending on the size of your business this can cost as little as a few hundred dollars. That pales in comparison to the thousands it will cost to repair your business after a data breach occurs.
Require long passwords
Passwords need to have a bare minimum set of requirements. It is usually best to give your employees examples of what you want. What may seem secure to one employee is not acceptable across the board. Here are some examples of password you can use to demonstrate strong and weak passwords.
This would be an example of a password that is extremely secure.
This would be an example of a password that is a little less secure, but easier to remember.
JoeSmith or password
These are examples of terrible passwords that should never be used.
I personally like using something like the middle password. This allows me to change just the word Basketball with the time of the year. In the Fall I might use Football or Autumn, in the Winter I might use basketball or Thanksgiving. As long as you are keeping the other numbers and special characters random it is difficult for hackers to hack through these secure passwords. This allows me to change the password frequently but not having to remember an entirely new password. The birthdays of yourself or a family member is never a good idea. There should also be a time period for how frequently a password must be changed. Every 90 days is a good rule of thumb, but many businesses have different requirements based on the needs of their organizations.
In today’s day and age, there is no reason any personal information should ever be disposed of without first being shredded. There are outside businesses that can dispose of the shredded material. Some of these businesses will even recycle this paper, which is something you can share with your employees, customers and vendor partners. If any of these groups are environmentally conscious this can be a bonus to them and will add to your credibility as a business.