7 Steps Toward Better Small Business Security
Big corporations generate a lot of news when their security is breached, but cyberattacks can — and do — happen against small and medium businesses (SMBs).
Symantec's 2013 Internet Security Threat Report found that 31 percent of all targeted attacks in the previous year were aimed at businesses with fewer than 250 employees.
The typical cost for a data breach is approximately $200 per record compromised. Because of this, 60 percent of SMBs hit by a breach have closed their doors for good within six months.
Yet even though most SMBs can't afford their own IT departments, there is still plenty that can be done to beef up workplace computer security.
MORE: 10 Ways to Prevent a Data Security Breach
The first step is to train employees on digital-security best practices — not opening attachments in unsolicited emails, not using outside instant-messaging clients, etc.
But that's the just the beginning of what you can do. Here are 7 other ways your employees can help to protect the network.
1. Keep personal Web browsing at home.
Your lunch hour may seem like a great time to catch up online with friends and family, but your casual Web browsing can introduce all sorts of problems into the company equipment.
"Viruses run rampant through social network posts, so stick to your own computers for personal information," said Brandon Saumier of PEAK Squad, an IT solutions company in Richmond, Va. that provides data-security services to SMBs.
2. Keep confidential data confidential.
"Printing passwords, using sticky notes as reminders and improperly storing company data are fast ways to get the company fined or to get employees fired," Saumier said.
"This goes double for companies that require compliance with regulations like HIPAA and FISMA," he said, referring to the Health Insurance Portability and Accountability Act of 1996 and the Federal Information Security Management Act of 2002.
"An audit can come at any time," Saumier said, "so only use company-approved document- and data-management processes."
3. Always use secure connections.
With the increased use of cloud computing and mobile devices, and Wi-Fi available almost anywhere you can imagine, employees are connecting with the company network outside of the office more than ever.
However, public Internet connections at locations such as cafes, parks, restaurants and airports are anything but secure.
Instead, use collaboration and Web-conferencing technology that works only over secure connections such as a virtual private network, recommends Dan Waldinger, director of marketing solutions and services for Brother International in Bridgewater, N.J.
That way, you won't have to worry about sensitive information being sent unprotected over the Internet.
4. Ask employees to speak up if something is wrong with their device or PC.
Malware that's infected one computer can quickly spread to others, so it's best to catch it early.
"By reporting issues as soon as possible, it's easier to contain and mitigate the problem before it can spread throughout the organization," said Vann Abernethy, senior product manager at NSFOCUS, an anti-DDoS firm based in Beijing.
5. Make sure employees know the security policy. Then enforce it.
Employees should understand the repercussions of violating security policy, including the tools and processes that have been put in place to protect company assets, Abernethy said.
Ignoring those policies, either unknowingly or purposefully, can have serious consequences, which is why regularly reviewing security policies — including Bring Your Own Device (BYOD) policies — can help to reinforce the program's overall goals.
6. Always lock your computer screen.
The practice of password-protecting mobile devices should be used on the office desktop as well.
"Leaving your computer unlocked is like leaving your [Social Security] card or driver's license on your desk when you go to lunch," said Michael Fimin, CEO of Netwrix Corporation, an Irvine, Calif., company that provides computer-auditing solutions across the United States and in the United Kingdom and Ireland.
7. Use passwords for everything.
Don't use passwords only for basics such as checking email or entering secure areas of your corporate network. Use them whenever data is confidential, such as when joining and/or sharing documents during Web-conferencing sessions.
Change the passwords frequently, too, to ensure that only those employees who should have access do have it.
By instituting best practices for computer security, you can build better awareness among employees. Once workers understand why good security is necessary, it is easier for those practices to be followed.