Cybercrime has become big business and cyber criminals are looking for new targets. Bubbling up to the top of the list are small and midsize businesses. Why? Small businesses usually don’t have a big security department or investments in high-powered network defenses and services, which means attackers can often get in with less effort. Here are some tips to keep your small business safe:
1. Hard-disk encryption for laptops. In a small business, employees wear lots of hats and often work outside the office. On a single laptop there is likely to be a bounty of data waiting to be pillaged. Encrypting hard drives helps to protect vital data in case of theft or loss—a crucial step given that an estimated 800,000 laptops are lost or stolen every year in airports alone.
2. Consider going "cloud." You may not have the resources to have a security staff but your cloud service provider should. Moving e-mail and other services to the cloud can sometimes save money and, if you are a small business, it may actually keep you safer.
3. Security awareness training. Hackers have honed their skills in automating credible phishing attacks. Large companies have whole departments and expensive monitoring systems to help filter these messages out, but in small businesses every employee is a soldier on the front lines. Doing some basic security awareness training and sending someone from the IT department to a security conference to learn about the latest attack techniques can help keep the business safe. Most people want to do the right thing to keep their company safe; this helps them figure out the "what to do" part.
4. Have employees go through password reset. Imagine you forgot all your business (and personal) passwords and try to reset them. What questions do you get asked? Is that information publicly available? Can attackers get their hands on it? Even if your passwords are strong, the process for resetting them could be a weak link. Shoring up password reset questions and answers is an important part of defending the business.
5. Lock mobile devices. Imagine you just stepped out of a cab in New York City. As it speeds off, you realize your phone is missing. How exposed is your data? Using a pass code on a mobile phone and subscribing to a remote wipe service—the ability to clean everything off your phone remotely if it’s lost or stolen—can save your business some serious heartache. If your e-mail provider already supports remote wipe, activate it and save yourself some sleepless nights.
RSA Conference Chairman
Santa Clara, Calif.
Want to improve the way you run your business? Entrepreneurs, academics, and consultants from diverse industries offer practical advice on a variety of topics each business day.
To submit a tip for consideration, first check our archive of previous tips to make sure you're not repeating a tip someone has already contributed. Then send the tip to Small Business channel contributor Michelle Dammon Loyalka. Because of the volume of material she receives, she may not respond to each individual.