9 Security Practices to Protect Your Business's Sensitive Information
Information security can make or break your business.
You don't need to look far to see the repercussions when a business fails to protect sensitive information. Victims of significant data breaches result in a massive blow to reputation and bottom line. Being a public entity probably saved Waikato DHB earlier this year from financial ruin, but it too suffered irreparable reputational damage and delays that is still affecting patients, 4 months later.
Data breaches and fraud are problems for businesses of every size, affecting over 25% of businesses with direct financial losses of $3.9 million between Apr21 and Jun21 in New Zealand alone - This according to the CertNZ Q2 2021 report. That's enough to push many small businesses into bankruptcy.
Types of security risks businesses face
Businesses face an increasing number of threats on a daily basis. Research shows that ransomware, phishing, data leakage, hacking and insider threats are all security issues businesses are dealing with.
FYIFYI: Information security issues have a major impact on a business. Loss of revenue can result from remedying the problem and damage to your brand's image.
Hackers are responsible for the majority of information security breaches.
Cybercriminals look for ways to make monetary gain from businesses by using malware and phishing scams to collect sensitive data. The cost to remedy a data breach can be astronomical. Large companies that have to deal with major data breaches have paid out millions to specialists to become compliant once again.
Here is more about some of the threats businesses are facing.
Email phishing scams
Phishing is the act of a bad actor sending someone an email designed to look like an official communication from a legitimate, reputable company. This email may ask you to log in to an account or share your credit count information to prevent something drastic from happening. This information then goes not to the reputable company, but to the bad actor. You're best off not responding no matter how legitimate the email looks.
To determine whether an email is a phishing attempt or a legitimate communication, check the email address that sent it. It's easy to not think of doing so when you receive concerning emails, but the one second this takes can strongly protect your business. And if you're not sure whether the email is legitimate, just call the company apparently behind the email. They'll know for sure.
Device and computer hardware theft
worldwide, nearly 650,000 laptops are lost every year – and that's just in airports. The last figures available for New Zealand dates back to 2002 (yes, almost 20 years ago!) where $1.8 million worth of laptops were stolen in just over a year. Surely, the number of laptops lost or stolen in both airports and other settings is in the millions. And a stolen laptop, if not password-protected, gives anyone who uses it full access to your information. The good news is that avoiding this security threat is easy: Always keep your password-protected laptop in sight or on your person.
Unauthorised network users
When you password-protect your Wi-Fi network, you block hackers from stealing your information. That's because computer-savvy unauthorised network users can access any information you transmit via your Wi-Fi network. This information includes credit card numbers you use for online payments and passwords with which you log into your accounts.
How to protect your business from cybersecurity threats
To lower your risk and keep sensitive information safe, follow these essential security practices.
1. Only save what's necessary.
The more information you collect about your customers and employees, the more you need to protect them. Companies often save more information than necessary, and their customers are the ones who suffer if a data breach occurs.
To limit what hackers could steal, only save the information you absolutely need to run your business. Avoid collecting anything extra, and if you only need information temporarily, get rid of it properly after you've used it.
2. Keep an information inventory.
Laptops, smartphones, tablets and flash drives provide plenty of convenient ways to store and transfer information, but this also results in more opportunities for data to fall into the wrong hands.
Keep track of what information you're storing, where you store it and who has access to it. Make sure this information inventory includes both electronic files and physical documents with sensitive information.
3. Stay up to date with your cybersecurity.
It is essential for businesses to employ cybersecurity safeguards that protect businesses of any size from malware and other threats. The money you spend is well worth it, as a breach could cost you much more.
Did you know? The Equifax breach, which affected 143 million people, occurred because, the company failed to update Apache Struts, according to sources who spoke to Bloomberg.
4. Store physical documents securely.
Cyberattacks may be a more common threat, but lost or stolen documents can be just as bad. Whenever documents contain sensitive information, it's important to keep them safe from prying eyes.
Store documents in a locked file cabinet or room that only your most trusted employees can access. Dispose of documents by running them through a shredder.
5. Pay for expenses with a business credit card.
For business expenses, the best and most secure payment method is a business credit card. Most will have zero-liability fraud protection, and if you need to dispute a transaction, you won't be out any money during that process. You can set spending limits on employee cards and receive immediate notifications of any transaction via text alerts.
Any payment method has its risks, but credit cards have the most safeguards and security features. Security isn't the only benefit of business credit cards, as they also provide detailed expense reports and the opportunity to maximize your travel rewards.
6. Set internal controls to guard against employee fraud.
Regardless of how much you trust your employees, it's wise to use internal controls to limit your employee fraud risk. Otherwise, employees could misuse company funds or steal customer information.
Limit each employee's access to only the information they need for their job. Make sure your systems log what information each employee accesses. Set up segregation of duties to prevent any single employee from having too much responsibility. For example, instead of having one employee make purchases and go over expense reports, split those tasks among two employees.
7. Monitor your employees’ accounts.
Any employee’s account is a potential hacker’s portal to your most valuable information. To protect your business from employee account hacks, your Managed Service Provider should analyse their logs and behavior while setting rule-based alerts. In doing so, they can identify unusual login attempts that often indicate a hacker inside the account.
8. Create firm employment agreements.
In all your job contracts, include text that forbids your employees from sharing certain types of information. Every time an employee shares information, they transmit data through a channel that, even if highly secure, could still theoretically be breached. If this information isn’t shared in the first place, it can’t be accessed.
9. Plan your response to data breaches.
You always need to be prepared for a worst-case scenario. How you respond to security incidents can be the difference between a minor data loss and a costly breach. Your plan should include the following steps:
Close any holes immediately. Disconnect and shut down any compromised computers, and stop using any compromised programs.
Notify the appropriate parties. Depending on the information that was stolen, you may need to let customers and law enforcement know about it.
Investigate what happened. Conduct an internal review or hire an agency to find out what went wrong.
Giving your business maximum protection
Preventable security issues have brought down many small businesses. Although you can't eliminate the possibility of data breaches or fraud, with the right security practices, you can reduce their likelihood and minimize the damage if one occurs.
Contact us today for a free security assessment of your business.