The Internet has opened a new world for small business (SMB) owners. No longer do you have to send mailers that more than likely end up in the garbage. Now, thanks to the Internet and Google, potential customers search for their type of goods or services and follow a made-to-order pathway to your website.
Unfortunately, this convenience opens a door for hackers, too. For SMB owners like you, this means there are now two fronts to protect: your brick-and-mortar business and your computer networks. Yes, it’s double the trouble, but failing to secure either can leave you open to loss of goods as well as loss of secure data.
If you haven’t taken stock of your security practices lately, there’s no time like the present.
Doors and windows are a logical place to start. Consider the following questions:
- Have you considered an access control system? Installing one that utilizes specialized credentials such as keycards will allow you to limit access to your building and any sensitive areas. With some systems, you can specify the time and day to coordinate with employee shifts. You could also revoke access should you terminate employment.
- Do you have a key distribution system? Hopefully you’ve upgraded your locks, especially those that secure areas that house sensitive files or intellectual property. The question then becomes how to distribute keys to authorized personnel. One solution is to install a PIN-protected lockbox that keeps track of who used the keys and when.
- Have you installed video surveillance cameras? Mounting security cameras on your building’s exterior can deter thieves and vandals. Indoor cameras can help you monitor inventory, safes and sensitive areas — as well as employee practices. Should an intruder gain entrance, the video footage will help police apprehend him or her.
- Who monitors your security system? Choose an outside company that, should your alarm sound, will automatically notify you or a designated employee before notifying the police. This will save you the fees police departments levy for false alarms.
- Have you instituted an emergency and response communication system? Your employees should be trained on how to handle the case of an intruder, active shooter or suspicious package. Establish who will communicate the threat to the rest of the staff and how. Have a backup plan in place, as well.
Don’t labor under the false impression that your company isn’t big or important enough to interest hackers. Many SMB owners discover the hard way that cyber intruders are equal-opportunity invaders. According to the U.S. Congressional Small Business Committee, 71 percent of data breaches take place at businesses with fewer than 100 employees. You don’t hear about those cyberattacks because giant corporations like Target and Yahoo make for bigger headlines. Hackers like it that way because they depend on such complacency to provide cover as they invade SMB servers, networks and PCs.
The first step in shaking off complacency is to be aware of the types of cyberattacks that are but a keystroke away. Most importantly, share the information with all employees.
Common types of cyberattacks include:
- Advanced persistent threats (APT): A type of “Where’s Waldo” attack using multiple small incursions that remain undetected until they can gain a foothold in the system.
- Distributed denial of service (DDoS): Overloading a targeted server with requests to the point that the website or network shuts down.
- Malware: An umbrella term covering viruses, worms, ransomware, Trojans and other malicious software programs injected into targeted systems to cause damage or gain access.
- Phishing: Using legitimate-seeming email and links to lure employees to equally legitimate-seeming websites to steal log-in credentials or credit card information.
You can also arm yourself by installing special security software, such as:
- Anti-virus software: Defends against most types of malware.
- Firewalls: Hardware or software solutions that prevent unauthorized users from accessing computers or networks.
- Encryption software: Encodes sensitive data such as financial statements, employee information and customer/client records.
- Two-step authentication: Supplements passwords and PINs by requiring a second type of evidence to establish authorized access to a network, computer, website or application. Examples include answers to preselected questions, a texted PIN or biometric identifiers (such as fingerprints or facial recognition).
Hopefully you have already put the following practices into place:
- Keeping your software up to date and applying all security patches: These are fixes issued by software developers to repair vulnerabilities and flaws that open the door to hackers — including the dreaded zero-day attack.
- Protecting your data with a backup solution: This provides redundancy and recovery should your system suffer a breach.
- Establishing and enforcing a security policy: This includes educating all employees regarding risky practices such as sharing passwords; regulating what mobile devices they can use; and spelling out the penalties they can expect should they fail to comply.
Arguably, a security policy is the most critical of these because without employee compliance, all your physical and cybersecurity measures are in vain. Implement the above tips and see how your SMB’s security can improve now and well into the future.