Manage Your Business
4 ways to keep your business data safe
This story is part of the Chase for Business Guide to Disaster Resilience, an original series aimed at helping business owners plan for and bounce back from disasters. It is brought to you by Chase Business Banking.
After seeing several clients experience ransomware attacks in 2017, Warren Hershkowitz, owner of a real estate technology consulting firm, thought about what a similar attack would mean for his firm. "Our primary goal is business continuity," he says. " We have to make sure that all systems are go, or we can't operate."
A cyber breach can be as devastating as a natural disaster. And while large company data breaches may grab headlines, small and medium-sized businesses are especially vulnerable. Security and research firm Ponemon Institute reports that 61 percent of small and medium-sized businesses experienced a cyber attack in 2017, and 54 percent experienced a data breach.
The median monetary loss of a cyber attack on small businesses is $2,000, according to the Better Business Bureau. But data theft or information loss affects your credibility, too. "Cyber security is about creating trust in the marketplace," says Bill Fanelli, chief security officer with the BBB. "It's being able to demonstrate to your customers that you are a safe vendor to do business with."
Focusing on cyber security is not only good practice from a business perspective, but it's also often a legal requirement, as a growing number of state and federal laws regulate how businesses safeguard client information.
Follow these steps to ensure you've properly secured your company's data:
1. Secure your network
You probably have some kind of firewall and antivirus software. But since hackers constantly find new methods of entry, you need to regularly download antivirus updates so you don't miss any patches (turn on update alerts so you know when updates are available). Also, check with your email provider to ensure that filters are turned on and configured properly.
One particularly vulnerable area: your Wi-Fi network. You should have two: one for company use that's hidden, encrypted (set this up by choosing the password-protected, WPA2 option in your Wi-Fi settings). The other Wi-Fi network should be for customers or visitors. For the visitors' network, set the password for one-time use, and update it daily. This protects customers while preventing employees from logging in using the less-secure connection.
2. Focus on all devices
All mobile devices, including personal cell phones used for company business, should have anti-virus software and virtual private network, or VPN, encryption, which protects the device even if it's on a less secure, public Wi-Fi network. "Any outside device must meet your security standards before you allow it to connect to the company network," says Adam Levin, founder of CyberScout and author of "Swiped."
Require that all devices used for business have a six-digit passcode and biometric (fingerprint or face recognition) authentication, where possible. That will keep a criminal who finds or steals an employee's cell phone from easily accessing data.
3. Train staff
Over half of data breaches at small and medium-sized companies are caused by negligent employees or contractors, according to Ponemon.
Start by teaching employees the basics of good password hygiene and how to spot a phishing scam. (The Federal Trade Commission offers some free educational programs on its website.) "The best anti-phishing and malware blocker is user training and user education," says IT consultant Howie See.
Require workers to enable two-factor authentication, which uses a password and a second piece of information, such as a code sent by text or email, on work email accounts, and only access them via secure networks or VPN-equipped devices. Depending on your budget and the sensitivity of your data, you might consider providing employees with separate devices used for work only.
Review best practices for storing, saving, and sending sensitive information. This not only safeguards against hackers, but also against employee errors like losing data or sending sensitive information to the wrong person, Levin says.
4. Store in the cloud
Putting your data in the cloud, or storing it with a third-party provider on the internet, not only makes it more secure against cyber criminals, but also protects you from other risks like fire or burglary.
None of the larger cloud providers have had any serious breaches to date. Before selecting a vendor, ask whether they include storage backup for data, and what type of liability protection they provide.
Hershkowitz, the real estate technology consultant, has implemented two-factor authentication, switched to encrypted emails for transmitting sensitive documents, and signed on with a cloud access security broker. He's also exploring additional steps to protect against a breach or ransomware attack. "I feel like I have put in place a substantially improved level of security," he says.
Beth Braverman is a Chase News contributor.