Data security tips to keep your business information safe
With an increase in ransomware and other digital threats, the importance of securing company data has never been greater. Follow these seven security tips to help protect your business, employees, and customers.
1. Be aware of possible risks
Keep abreast of trends in digital scams by monitoring legitimate sources including:
The Federal Trade Commission (FTC)
Review the FTC’s Start with Security guide for business
The Better Business Bureau (BBB)
Monitor the BBB Scam Tracker to learn about scams in your area or industry.
The United States Department of Homeland Security (DHS)
Study the information available in the Small Business Resources section to learn about cybersecurity and access documents to help you plan.
The Federal Communications Commission (FCC)
Create a customized cybersecurity planning checklist — you can find a free template on the FCC website.
2. Look closely at unsolicited emails or calls
Were you contacted out of the blue?
Are you being pressured to respond quickly?
Do you know this person or company? Are you being asked to share personal information or financial details?
Is the deal too good to be true? Are the contact details vague?
If you receive an email from a person or organization you know, is the email address and domain correct?
When answering suspicious calls, be wary of verbalizing confirmation words such as “yes” in response to any questions. Some scammers may record your voice response and use it to enroll your business in costly services. Whether or not you know the person or business, if it’s an unusual request or about sensitive information, confirm the legitimacy of the email or call before engaging.
3. Educate your employees on security precautions
Create a technology and security guide for your employees that includes:
Company security measures
Best practices for password security
Email security information (e.g., don’t click on questionable links in emails)
Guidelines on keeping work and personal devices separate
Internet usage guidelines
Remote access policies
Incorporate mandatory training on all policies, email the security guide to all employees, and consider making IT security a standing agenda item on regular meetings to reinforce its importance.
4. Back up your files
Frequent and complete encrypted backups help protect you from scammers focused on attempts to extort your data with ransomware.
Use an easily accessible secure system. Reputable cloud service providers should have strong safeguards in place to help protect customer data and privacy.
5. Keep records — and take proper care of them
Maintain detailed records of purchases to catch phony invoices and credit card charges right away.
When storing records — particularly sensitive information — limit who has access, making sure those individuals clearly understand security protocols.
Take extra care when transmitting sensitive information; some information should not be shared via email. If you must email sensitive information, ensure the message is encrypted so that unauthorized individuals or organizations cannot view data.
When it comes time to dispose of records, shred papers and completely delete digital files.
7. Keep your systems safe and up to date
Use standard security controls like anti-virus programs and firewalls.
Protect your Wi-Fi and other internal networks.
Keep software up to date to prevent viruses and bugs.
8. Follow industry and government standards
You may find additional security systems and guidelines to follow based on the size, activity, and industry of your business. Some organizations to consider include:
ISACA — an organization that supports risk management and information security professionals
Payment Card Industry (PCI) Security Standards Council
National Institute of Standards and Technology
Other industry and government agencies
Every day small business owners accumulate a lot of important data, including company bank and credit card accounts, employee records, customer information, and proprietary business intelligence. Protect your small business with a data security plan that keeps information safe.