These tips from the National Cyber Security Alliance and the Better Business Bureau can help guard your business against breaches and other vulnerabilities that could compromise your data.
If you own a small or medium-sized business (SMB), protecting the data of your customers and your company is vital. All is takes is one major compromise for your customers to lose their trust in you, and for your company to suffer as a result. By following certain best practices, you can better secure your data so it's less vulnerable.
The following tips from the National Cyber Security Alliance and the Better Business Bureau, published Tuesday, are designed to help you safeguard the data on which your business depends.
SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)
Get started with these top take-action tips
- Lock down your login: Using passphrases to protect the accounts you use for your business is advantageous, as such phrases can be more secure and easier to remember than a single complex password. However, you need to make sure the passphrases you use are lengthy, unique, and stored safely. Further, take advantage of stronger authentication methods whenever available. Such methods as two-factor verification, biometrics, and security keys provide an extra layer of protection for your business accounts.
- Update your system and software: Make sure your computers, devices, and software have the latest security updates to better guard your data.
- Back it up: Protect your business data by backing up your most important files. Set a regular schedule for backing up your vendor database, employee contact data, customer financial data, and other critical information.
Keep a clean machine
- Update the software on all of your devices: This includes point-of-sale systems and IoT (Internet of Things) devices.
- Establish or update your BYOD (Bring Your Own Device) policies: The goal is to reduce the risks involved in allowing employee-owned and controlled devices.
- Delete software and apps your business no longer uses.
- Teach your employees good habits for maintaining clean and secure devices.
Digital file purge
- Set up guidelines for data retention for all your physical and digital records. Make sure to securely dispose of all old or unnecessary data.
- Clean out your old email messages and empty your deleted folders. Archive your older messages.
- Unsubscribe from newsletters, email alerts, and other updates you no longer need.
- Use the 3-2-1 rule to back up your business data: Create three backup copies using two different types of media with one backup offline and in a different physical location.
- Check for an upcoming BBB Secure Your ID Day or similar event in your area. Many of these "shred day" events can safely destroy your electronic equipment and their data. If you plan to participate in such a day, review your data and devices beforehand. Look beyond computers and mobile devices. Consider other equipment for shredding, such as external hard drives, USB drives, tape drives, embedded flash memory, wearable devices, networking equipment, copiers, printers, and fax machines, all of which can stored valuable personal data and images.
- Clear out stockpiles. Don't forget that old collection of hard drives and other devices. Even if they're safely locked away, they may still contain valuable and vulnerable data. Wipe and destroy those older and unused drives as soon as possible.
- Empty the Recycle Bin on all computers and devices. But don't forget to securely and permanently erase deleted files. Use a shredding tool that can overwrite deleted files with random data.
- Consider special overwriting and wiping tools for electronic devices. For tape drives, remove any identifying information written on labels before disposing of them. For embedded flash memory and networking or office equipment, perform a full reset and confirm that no sensitive data remains behind.
- Don't forget failed or crashed hard drives. For such drives, wiping them may not be enough. Shredding or destroying them is the most practical solution.
- Make sure a hard drive is truly shredded, which means chipping it into small pieces. Using a hammer to hit the drive may not do the trick. Instead, use a trusted shredding company to dispose of older and unused hard drives.
Clean up your online presence
- Review the privacy and security settings on your online accounts. Remember to include both your business accounts and your personal accounts.
- Review and limit the people who have administrative access to your business accounts. Give access only to those who require it to do their jobs, and base that access on job duties not job titles.
- Clean up your social media accounts by removing old and unnecessary photos and deleting accounts you no longer need.
- Control what you and your employees can share on the social media accounts for your business by creating policies and procedures for everyone to follow.
- Update the web browsers not just on your computers and mobile devices, but on all Internet-connected devices across your business. Don't forget the devices outside of your office, including those used by remote workers.
Dust off the plan
- Put together a cross-functional team to review your company's cybersecurity strategy. What valuable assets do you need to protect and how? How does your business plan to detect breaches and other vulnerabilities and how do you respond and recover if one occurs?
To learn more, the NCSA's CyberSecure My Business is a national program that offers free interactive training workshops, webinars, and monthly newsletters. And for more about SMB security, check out The top 10 security challenges SMBs face on TechRepublic.
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- Phishing attacks: A guide for IT pros (TechRepublic download)
- Information security policy template download (Tech Pro Research)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- The best password managers of 2018 (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)