Data security is a critical priority for small businesses. And while it can seem overwhelming, complicated and yes, a little scary, it’s absolutely necessary to get and stay on top of data security.
We talked to Brian Burch, VP of marketing at Norton and an expert in data security, to find out what data security measures business owners need to take.
Brian stated that small businesses are increasingly under attack because hackers realize that it’s sometimes easier to attack a small business than it is to attack a Fortune 500 company.
Brian emphasized the need for good security hygiene from all employees, multi-layered security and a need for mobile security as well.
Check out all of Brian’s tips in the video!
Would you rather read about data security measures? Check out our summary below!
This week’s question was from Sarah:
My business is about to go from just me to a few employees. My business deals with a lot of vendors as well as customers' credit card information. How do I make sure that all that information stays private? And how do I protect the business as it grows and make sure that my employees don't accidentally expose sensitive data?
Brian Burch, VP of marketing at Norton, began by emphasizing that security is a critical priority for small business and that security must be multi-layered. Being able to protect not just against antiviruses, but also against unwanted intrusion, protect against phishing scams, any sort of threats or malware that could infect you as you browse the internet and deal with even the malicious crypto ransomware that's out now.
It’s a lot of information to take in, but cyber attacks today are more varied and sophisticated than the hacks of 20 years ago. Brian recommends that small business owners have a written policy that every employee must read and talking to them about passwords (which should really be pass-phrases). As employees come and go, that creates vulnerability. If an employee leaves and the employee might not be happy, you need to go through and change passwords to prevent some malicious attack from an ex-employee or even an insider.
Many small companies use cloud increasingly for a variety of services. The cloud is as secure, if not more secure, than the traditional forms of storing data and working with data inside of a small business environment. Again, it goes back to policy and making sure that the employees annually are trained and that there are written policies that protect. And just making sure that employees have the discipline that maybe an employee at a larger company would have, or that we all tend to adhere to in our personal lives, can help a lot. You've got to make sure that each small business employee knows that the company is vulnerable, and could be attacked and that they take necessary precautions. The most used password last year was "123456" and second place was "password." Creating true, complex passwords or passphrases dramatically increases the degree of difficulty for a criminal syndicate to actually attack your company.
If you use a mobile device for any sort of your business, you need to address mobile security as well, as it’s a popular misconception that mobile is inherently secure. An antiviral protection software can protect against malicious code or a virus, and in a mobile environment, it's much more difficult to launch malicious code in that way. And on mobile devices, surfing the internet is just as dangerous, clicking on a phishing email can be just as dangerous.
And crypto ransomware can hit a mobile device just as easily as it can a PC. The ransomware idea is that the attacker gets a hold of your system and encrypts the data on it, so that you cannot access it. Hackers often use almost nation-state type encryption, which is almost unbreakable. And there an ounce of prevention is definitely worth a pound of cure because once the data's encrypted, it's very difficult to get it back.
And it’s important just to realize that small businesses are increasingly under attack because criminals realize it's sometimes easier to attack a small business than it is a Fortune 500 company. And there's a lot more to be gained than attacking an individual consumer.