Five Proven Methods to Increase Data Security in Your Small Business
Posted by Pamela S. on Thursday, January 24th, 2013
Increase data security and you ultimately increase customer satisfaction. If you can promote the fact that you have processes in place such as secure cloud based content management, you’ll keep your clients and your employees happy. Most small businesses don’t take data security seriously. Whether you run a retail business in the beautiful town of Franklin, Tennessee or provide accounting services in New York, you have to a duty to protect the information in your care. Business owners who aren’t computer savvy may be intimidated by the process, but the following tips show that you don’t need to be an IT security expert to implement change.
Start with the people in your organization
Your employees are the ones handling your day to day information. Do you monitor their emails? Do you know who they are sending your information to? A secure email delivery service can help you keep track of emails and document delivery, but you should start by vetting and training your employees.
Who is handling the sensitive information at your company? Pre-employment background checks are becoming the norm for both large corporations and small businesses. Anyone who has access to personal identifying information or financial data should have a background check. A background check can include a criminal history search and a credit check. Employee theft isn’t just about physical product. Someone on your staff may be stealing or leaking confidential information. White collar crimes, such as embezzlement are on the rise. Some companies are going so far as to conduct background checks on contractors or other third parties, such as vendors.
Human error is the cause of many data breaches. The unintended disclosure of confidential information is often caused by someone who hasn’t had formal training. All employees should be given the proper training on how to manage your sensitive data. This can be accomplished through training sessions and printed materials, or an employee manual. Training should include everything from how to construct a strong password, to what kind of information to give over the phone to protect your business from social engineer scams. Your employees should all know your restrictions with respect to the use of company computers, smartphones, and other devices.
Have the right policies and procedures in place
Your employees need to be aware of your policy on computer use, but first you have to develop a policy. What is your policy on flash drives? These little devices can hold a ton of company information and be squirreled away in a purse or pocket. Are you fine with employees using social media or personal email on company computers? This is how some data breaches happen. Many companies are also banning smartphones in the workplace. These phones all have cameras, and if you still have sensitive information lying around in paper form, an employee with criminal intent may be sharing your information through their phone. Consider moving to a paperless office. By using secure email and document delivery, you can monitor your email and cut down on the number of paper documents, which could be misplaced, stolen or copied.
More employees are working remotely. It saves your small business money, but adds another layer of risk. Sending your telecommuter documents over regular channels is fraught with risk. A secure document delivery service is your best option.
Stop Malicious Attacks on Your Computers
Are you still in the dark ages? Are your computers protected with the latest anti-virus, anti-malware, anti-everything that can possibly hack, enter or screw up your system? There is no such product that can protect your systems from every type of danger. That is why storing your documents in the cloud is the best choice. Cloud services have security systems in place that your small business wouldn’t be able to afford in a million years.
How secure is your email? Is it encrypted? Are you using Outlook? Some companies are even using Gmail and other free public email delivery services.
A potential client gets a Gmail or Yahoo email from company A – they are probably going to ignore it. They get regular email from company B – fine, they probably don’t even think about it. Company C sends the client information and a contract through a secure email and document delivery service. That will impress them.
Security breaches don’t just involve computers
How many of you still use a fax machine? If you have ever left your office and come back to find sensitive documents sitting in the tray, you realize how easy it would be for someone else to pick up these papers.
That is not the only piece of office equipment that can take you down. Did you know that digital photocopiers store all of the data you have copied? Some companies found out the hard way when they replaced their copier and sold the old one, with all their sensitive data still in the hard drive.
Shredders are important, even paperless offices still have paper. Invest in a cross-cut or top of the line micro-cut shredder, for extreme shredding. At the last Macy’s Thanksgiving Day Parade, revelers were rained upon by bits of shredded paper that contained confidential police information. The paper was shredded with old style strip shredders.
Consider installing CCTV cameras in areas where sensitive information is stored. You must place a sign informing your employees that they are being recorded.
How to handle a breach
In order to manage a breach you need to find out about it. Have an open door policy, where employees feel safe reporting incidents. If your company is a bit larger, consider implementing a whistleblower program. If an employee feels safe, they will let you know if one of their co-workers is up to no good.
Conduct regular security audits. For a very small company, that could be something as straightforward as monitoring computer use and making sure all software is up to date, going through transaction records, and being vigilant. If you can afford it, hire a security professional to provide advice and conduct and audit.
You can’t afford to be lax about data security, your business depends on it. Think big while running your small business. If you are a member of a small business organization, you may be able to obtain a better rate for IT security services, and other security measures by joining forces.