In the News
Small Business Security – Protecting Information
As many of you have probably noticed, the number of network security breaches in the news has been on the rise. Some of you are probably thinking, “Thank goodness I am at a small company.” The unfortunate truth, though, is that you are just as likely, if not more likely, to be a target of online hackers.
As the Wall Street Journal recently pointed out in its July 21st article “Hackers Shift Attacks to Small Firms”, small businesses end up being very lucrative for online hackers. Smaller firms usually don’t have the same security in place that larger companies do, and in many cases don’t even know they have been hacked until months or years later.
There are many things you can do to prevent or limit the effects of a data breach. It is important to remember that not all data is created equal. The first thing you need to do is identify your critical information. For example, PII (Personally Identifiable Information) is data that you always want to keep secure. Examples of PII are driver’s license numbers, credit card numbers, and Social Security numbers. Once you have identified this information, you need to separate it from your regular data. This can be in a separate folder or on a totally separate server. Finally, you need to set up permissions so that only specific people can access this folder. If possible, you should also encrypt this data, so that if it is stolen, it will be much harder for the hacker to get at the data. One thing to remember is that PII can often be in locations that you wouldn’t expect: resumes, job applications, emails, social networking sites (Facebook, for example), etc.
Now that you have segmented this data, you need to create a corporate policy that dictates how this information can be used, who can see it, and how it can be transmitted. For example, if someone fills out a job application, it most likely goes to HR. The HR person might need to run a background check, so they may email the Social Security number to the person who does that. Unfortunately, if that email is not encrypted, it can be intercepted, which opens up your firm to a potential data loss.
Almost no network can be totally secure from hackers, but you can limit the potential loss by being prepared ahead of time.