If you are an owner or a manager of an SMB, then data security should be one of your top priorities. For instance, in April, May, and June 2018 alone, some 765 million people were affected by security breaches and cyber attacks in one way or another, leading to losses of tens of millions of dollars.
The good news is, there are many simple, cost-effective ways to enhance your company's data security protocols.
25 Data Security Tips For Every SMB
1. Set Your PCs to Timeout When Inactive
Whether it's for 1 minute, 5 minutes, or 10 minutes, always set your PCs to go into sleep mode when left unattended.
2. Secure Your Files and Portable Equipment When Away From Your Desk
This is especially true if your business is growing, and your desk (or your employees' desks) are located in relatively open, unsecured areas.
3. Backup and Secure Any Files that You Need to Take Home
When employees take home important documents or files, there's always the possibility that they will get lost, damaged, or even stolen. Therefore, always backup these critical pieces of data to a secure drive at the office, keep them in a secure location at home—and train your employees to do the same.
4. Shred Away!
For paper files that contain sensitive information, make it a company policy to shred the documents in question once they are no longer needed.
5. Never Leave Important Documents Exposed
Whether at the office, at home, or at your favorite coffee shop, remember never to leave hard copies that contain confidential or sensitive information out in the open where prying eyes can access them, or quick hands can snatch them away.
6. Never Leave Your Laptop Unattended
In a similar vein to tip #5, always keep your laptop secure from unauthorized personnel, especially in public places. It only takes a few moments for an unsavory individual to breach your data security.
7. Delete Obsolete PII
A document or file that contains personally identifiable information, or PII, should be deleted/destroyed once it's no longer needed. This can be accomplished via shredding for hard copies, or permanent deletion for digital files.
8. Report Any Potential Breaches in a Timely Manner
Whether it is required by law or not, if you think that a security breach may have occurred, contact key stakeholders immediately. These may include upper management, your IT providers, as well as affected clients.
9. Encrypt Sensitive Messages
Encryption basically means that your intended recipient needs to have your digital ID or password to open the target file. Fortunately, nowadays it is fairly simple to encrypt text messages and other communication mediums that contain PII.
10. Ensure that Your Digital PII is Stored in Secure Folders
These folders should have strict access permissions, so that only you, and perhaps a few authorized colleagues, are able to open them at any given time.
11. Use Passwords to Guard All of Your PII
All PII, no matter the platform or program, should be secured by means of a password.
12. Never Use a Public Wireless Network for Mobile Work
Even though like me, you may enjoy a cup of coffee and a scone at your neighborhood Starbucks, it is never a good idea to handle sensitive work activities over a public Wi-Fi network. In fact, any Wi-Fi network used for work purposes should ideally have a password that only your employees know.
13. Have a Cover Sheet for Paper Files Containing PII
Alternatively, use a "dummy name" for a folder that contains important files in order to throw malicious snoopers off the scent, or even protect sensitive data from the eyes of innocent passersby.
14. Keep Folders Containing PII Closed when Not Actively Using Them
On your PC, always close out files or folders that you don't currently need in order to keep confidential data hidden.
15. Use Strong Passwords
Strong passwords would not include birthdays, anniversary dates, or any other piece of information that others could easily guess. In addition, many platforms recommend or require the use of letters, numbers, and special characters within a single password.
16. Be Selective in Sharing Your Passwords (If At All)
It would be wonderful if you could trust every single person you meet in a day. Unfortunately, that's not the world we live in, and you should generally keep your password to yourself, not even sharing with co-workers or friends that have no need to know.
17. Don't Use a "Master Password"
Many employees fall into the trap of using a "master password" for all of their personal and work accounts. While such a one-size-fits-all password is convenient, it also leaves all of your information open to attack if anyone is able to decipher it.
18. Use Different Passwords for All of Your Accounts
To maximize security, it is a good idea to implement this tip as a follow-up to tip #17. Yes, it's a little more hassle: but this will ensure that not all of your data security "eggs" stay in one "basket," should someone malicious obtain one of your passwords.
19. Always Change the Default Password
You need to use a password that's more secure, and also easier to remember.
20. Periodically Change Your Current Password
Many experts recommend doing this about once every 3 months. Of course, you may want to change more frequently, depending on your particular business needs.
21. Ensure that Anti-Malware and Virus Protection Software is Installed
In addition, make sure that you have the latest version of such a program.
22. Never Click on a Suspicious Link or Attachment
Such links can open a "back door" to your network that will allow a virus or form of malware to sneak through.
23. Only Trust Websites that are HTTPS-Secured
One researcher called HTTPS the "cornerstone of our online security and privacy." If you see that a website does not have "HTTPS" visible in the navigation bar, then beware.
24. Don't Open Files Sent via Chat or IM Platforms
Such files could potentially bypass your security software and create a breach.
25. Train Your Employees!
This is one of the most important tips you can put into action. Educate your employees on the above-mentioned information, and train them to be security-conscious as they perform their daily tasks.
Investing in a Managed IT Team
There's one more tip that can help strengthen your data security procedures: invest in managed IT outsourcing. Remote monitoring from a third party can make your business network that much safer. If you'd like to learn more about this option, explore our Ultimate Resources Page for all things Managed IT-related.
At AIS, we’re not just a technology company. We’re a company that is passionate about providing you with valuable and news-worthy data so that your business can continue on its path of growth and success. If you’d like to learn more about managed IT services, or any of the products we offer, reach out to one of our business technology consultants. We’re here to give you peace of mind to help you win more business.
