As business booms, so can your vulnerability in the eyes of hackers. Here’s how to protect your company.
Only 20 percent of small businesses have network security encryption, according to statistics
gathered by SCORE, a small business organization. Shrugging off such data security could put
small businesses in a tight, and dangerous, spot, according to a cybersecurity expert.
“Think of the firewall as the lock on the door; it’s not going to totally protect you from the bad guys, but it’s essential.” – Steven Weisman
"Cybercriminals consider small and medium-sized businesses easy targets largely because these
companies have a less-developed security infrastructure, tighter budgets and a lack of skilled
expertise," says Ken Ammon, chief strategy and technology officer at OPĀQ Networks
in Washington, D.C. To shield your small business, cybersecurity
experts offer these seven data-protection technology solutions.
- Install proper firewalls. Without the right protection, hackers can access your network and
steal proprietary data, install malware or bring down your e-mail and web servers. “Think of the
firewall as the lock on the door; it’s not going to totally protect you from the bad guys, but it’s
essential,” says Steven Weisman, an attorney and a professor at Bentley University in Waltham,
Mass., whose expertise includes cybersecurity.
- Evaluate cloud-based security tools. As a business scales, the number of “things” to protect
can be overwhelming. “Identify comprehensive cloud-based security platforms like Network
Security as a Service or Security as a Service that can simplify threat management and extend a
consistent security policy across all network assets,” suggests Ammon.
- Update portable devices. Companies will secure their work computers but neglect to update
laptops and cellphones. “Many ransomware attacks have succeeded because companies were
using older operating systems for which security software was available,” says Weisman. The
best option? Install automatic security updates.
- Require two-factor authentication. “Passwords have proved to be too vulnerable since they
are sometimes easy to guess or people are tricked into revealing them,” says Weisman. In a
world of increasing digital crime and Internet fraud, companies are wise to implement two-factor
authentication, a two-step verification that not only requires a username and password but also a
six-digit code that is sent to the user’s smartphone or e-mail.
- Use complex passwords. Weisman suggests using phrases that are long and complex. “A
good password has capital and lowercase letters, symbols and numbers, and it’s long,” he says.
Also, include a shortened version of the account name on the end of the password. “If each
password is unique, it should be enough to keep hackers at bay,” he says.
- Protect sensitive data. One mistake that small businesses often make is not classifying
sensitive data as “restricted,” “confidential” or “private.” In addition, the data has to be
encrypted while in transit across the network and when at rest. “If the data on that device is
encrypted, you’re not running the risk of major harm to the company,” says Weisman. He also
suggests adequately educating employees. Sensitive data should never be downloaded onto an
unsecured network or device, for example.
- Don’t permit unauthorized devices. Back in 2011, The U.S. Department of Homeland
Security ran the following test: The staff secretly dropped USB drives in parking lots of
government agencies and private contractors. Some 60 percent of those who picked up the
devices plugged them into their computer at work out of curiosity. “If people connect outside
devices to the computers at work, unwittingly, they can be downloading malware,” Weisman
For companies dealing with shipping, logistics or supply chain management, protect your
business by securing your data. “Have a plan, alert your employees about the dangers of phishing
and spear phishing and always back up the data,” says Weisman.