The internet and cloud computing are powerful tools for small businesses. They enable the small business to stay on competitive footing with larger firms when comes to expanding markets and increasing efficiency. However, along with all the benefits of the web comes the highly publicized danger and inherent risk. Every small business owner should have a comprehensive cybersecurity strategy to protect their business, customers and data. The following are a few areas small business owners.

1. Employee Awareness
Employers and owners need to establish fundamental security policy. All the technology in the world will not help if the human factor is not accounted for. This policy should include but, not limited to password policy and acceptable internet use guidelines. The policy should have teeth and establish penalties violations. Rules and procedures should be in place for handling sensitive and “personally identifiable information”

2. Minimize Your Attack Surface/Protect Your Technology
Get rid of unnecessary software and only keep what is required to perform business task and maintain your devices. Whatever is remaining should be kept updates with the latest patches and fixes. Having the latest security software, web browser and operating system are a defense against viruses, malware and online threats. It is a good practice to run full scans weekly and after updates.

3. Lock Down Physical Access to Computers
Use of should be restricted to business activities. Prevent access or use of to authorized personnel. Each employee should have a separate user account, requiring strong passwords. Administrative privileges should on be given to trusted technical support and key personnel. Mobile devices such as laptops, should be locked up when not in use and data on these devices should be encrypted as they are easy targets for theft

Here are a few suggestions to help business protect their sensitive data.

1. When at all possible don’t store sensitive information on your own internal servers. Leave it to the professional. Reputable cloud services can invest a lot more money in protecting data then the typical small business owner.
2. One of the simplest however often overlooked security measures is using a quality anti-virus solution. Don’t settle for “freeware” or the cheapest product.
3. Use reputable payment processing services if you handle credit card transactions. It’s what they do. They have the infrastructure to more effectively protect financial data then the average small business.
4. Employee awareness is fundamental to protecting your business. The most technical and expensive security solutions drastically lose their effectiveness when employees and managers to do not follow fundamental security practices such as password management and email discipline.
5. Make use of the added security tools provided by cloud and software services. The few seconds it takes for two step verification can save lots of heartache downline.
6. Review your current security practices and polices regularly to make certain they work in an ever changing technical landscape. If you don’t have established policy and procedures, today is the time to start getting that in place.
7. Lastly, do your homework and research. There is an abundance of information available online for ways to better protect your business. If you don’t have the time have someone else in your company take care of it or outsource. Remember the saying “an ounce of prevention worth a pound of cure” saying.

Be Safe

Many small business are not aware of their responsibility or liability when it comes to securing and handling PI (personal information). It would be a good idea in this world of “cybercrime” to become familiar how this impacts you as a business owner. The data breach law in Nevada is NRS 603A “Security Of Personal Information”.

The current law was amended (AB 179) in May of 2015 and went into effect July 1st, 2015. The amendment added the following items as PI when unencrypted and combined with a person’s first name or first initial and last name.

-Driver authorization card numbers

-Medical identification or health insurance identification numbers

-User names, unique identifiers, or email addresses in combination with passwords, access codes, or security questions and answers permitting access to an online account

There are exemptions such as the last four digits of a social security number or “publicly available information”. A review of the bill and discussion of questions with a qualified legal representative would be prudent for business owners.