Identity theft isn’t only a problem for shoppers at big-box stores like Target and Home Depot.
Small business owners also find themselves in charge of protecting the data most coveted by hackers: names, addresses, birthdates, Social Security numbers and bank account numbers for all of their employees. They are often thought of as easy targets because they don’t take precautions.
An astounding 43 percent of businesses suffered data breaches during 2014, with reports that hackers are stealing up to $1 billion a year from small and midsized U.S. and European businesses.
Who is in charge of protecting all this information? Every small business owner, including you. Employers are legally required to protect employees’ confidential information as part of the Fair and Accurate Credit Transactions Act and the Fair Credit Reporting Act, reports HR Hero, and courts seem ready to hold employers liable for some data breaches.
Get Employees on Your Side
While consumers are individually protected by liability limits on hacking and theft from their bank and credit cards, commercial accounts don’t always have the same type of protection. Even small businesses are at a higher risk for hacking than individuals based on the sheer volume of daily transactions, 24/7 internet connections, networked computers and multiple system users.
Your employees, often referred to as your business’s greatest asset, might also turn out to be your greatest liability when it comes to data security. All it takes is one weak link to open the door for hackers.
So make sure they know of your efforts to secure company data as well as their own.
A strong security plan starts with informed employees. Teach employees to recognize signs of phishing, viruses, fraud and malware. While you’ve probably trained your employees how to use your own system, they could also be using your computers for personal activity such as email, instant messaging or shopping. Companies institute a Bring Your Own
Device policy for that reason, though that leaves security gaps, as well.
Next, create a security and computer use policy. Be specific about who has access to what level of information. Business Journal suggests creating an audit trail to ensure you know who’s accessing what data at any given time.
Security Strategy Basics
Fold these tactics into your data security strategy.
1. Create individual user accounts for each employee with individual passwords. When an employee leaves your company, disable the account.
2. If your employees telecommute, have a computer professional evaluate your log-in procedures to ensure company data remains secure.
3. Consider limiting internet access to sites your business needs for operation. That has pluses but minuses, too. If you have productivity issues first tell employees you’re thinking of doing this but would like to avoid it.
4. Limit access to important data. Keep it in a separate location from common systems and software, if possible. Very few people in the company need to see it.
5. Get commercial-level virus protection software, learn how to use it and set regular dates to update and run it.
6. Also schedule regular computer maintenance for software updates, which often include security patches. But before you do, wait a day and research whether there were problems with the update.
7. Back up data regularly, and store backups in a separate location.
8. If you use a smaller community bank or local credit union, find out if their security technologies are up to date and ask if they offer fraud protection for your business account.
For help installing antivirus software, for general questions, creating security procedures or otherwise protecting your employee data, call in the experts at Geeks on Site. We’re available in person or online 24 hours a day, 7 days a week.