Cybersecurity for your small business

Protect the life of your business by putting cyber safety measures in place

Small businesses without a cybersecurity plan in place may be easy targets, so it’s in your best interest to put security measures in place. “Cybersecurity may sound overwhelming to the small business owner, who is over-extended to begin with,” says Dr. Kelley Misata, CEO of Sightline Security and executive director of the Open Information Security Foundation. “If you take a targeted approach and integrate security best-practices into business operations, prevention becomes muscle memory.” 

Prioritize your business cybersecurity risk

Rank your risks

To determine what’s important to protect, you need to consider your business purpose. Don’t limit the focus of your cybersecurity efforts to financial theft. Identity theft or your database may be equally important for your business’s bottom line.

After you pinpoint where the most sensitive information is exchanged and stored, use those digital channels deliberately. That means staying aware of risk at all times on important channels. 

Make a data map to track how you are using digital

Misata recommends you write down all the applications your business uses. Rank the applications in order of importance for essential business transactions. 

You may be surprised how many applications you have that you don’t need. Close those unused accounts to limit exposure to risk. This step will also improve the efficiency of your operations.

While you write down all the applications you do need, find out how many passwords are being used and how many people have access to them.  

Set up a plan for appropriate security

Password security for entrepreneurs

The easiest way to secure information is to maintain password best-practices. The four important tips for password security are:

1. Create a password with at least 6 digits, a number and a symbol
2. Use a unique password for each important account
3. Change passwords on a schedule (quarterly or when the clocks change)
4. Use two-method authentication (a code is texted to your mobile phone to unlock the account) for critical accounts such as your bank account 

Where to store passwords

When you keep your password list in the cloud it is convenient to access but there are risks.  Misata recommends you consider a password manager. This software generates hard-to-hack passwords. It also stores previous passwords, which may get you back in business quickly if there is a security breach. Using password management software from your computer (not the cloud) allows you a bit more containment if your business is compromised.

Control access to your digital channels

You might need to hire a contractor and give them access to your website or shared drives. Don’t over share. Record who has access to what and the passwords they use. When the job is done or if they move on, you can take the steps to remove that access and limit your exposure. Try to control access by granting administrative access instead of handing out passwords. Learn how to manage access to every digital account: payment systems, documents, databases, your website, social channels, etc. You must be able to lock the door behind you.

File back-ups are important for security too

Take the time to secure a copy of important information, such as your website. How often you back-up information depends on your business model but the more frequently you save key information the better. If something goes wrong, that recent back up can be vital for . 

Securing data is good business

Clients and customers are pleased to know about safety measures that protect their personal information. Secure operations will increase the confidence others have in the service and product you provide.

Authors

Kelley Misata, Ph.D., Cyber and Information Security Executive and CEO of Sightline Security