You can never really tell if your small business is going to be hacked. But the likelihood is high. In fact, according to a 2015 report, 62% of small and medium sized companies have been hit by a data breach. Even if you take every precaution, you’re still at risk. But if you ignore this situation you’re putting yourself and your company in danger of a serious disruption, loss of information and potential liabilities. Are you in trouble? The hackers are looking for weaknesses and, when found, they’ll pounce. If you are doing (or not doing) any of these nine things you’re definitely more at risk of being hacked.
1. You have higher than average employee turnover.
Some industries, like fast-food restaurants or seasonal businesses, have more turnover than others. But if you’re losing employees more than the norm than there may be a reason behind this – like lower than average pay, less than fabulous working conditions, etc. When employees leave they sometimes take data with them – usually inadvertently but sometimes on purpose to use with a competitor or other vengeful reasons. Re-address your employee concerns and do your best to limit turnover – you will reduce a chance of a hack that way.
2. Your staff is remote and/or mobile.
When employees are moving around they are moving around with your data – it can be easily lost or stolen. If an employee or contractor is remote then they are connecting to your database through online services and these have a chance of being hacked. Work with an IT person to make sure you have strong data management and connection tools in place for these remote people and make sure they’re being monitored.
3. You have no IT support.
Speaking of an IT (information technology) person: get one. Even the smallest of companies are exposed to a data hack. Paying someone to evaluate your risks, install software, monitor activity and keep things up to date is a critical and essential business cost – even the work is done monthly (it all depends on your size and activity).
4. You do not buy security software.
Subscribe to one of the great security applications like McAfee, Norton, Malwarebytes or Bitdefender. There are many others. These software applications are inexpensive, run quietly in the background of every device and are checking for malware, viruses, infected websites and other tools of the hacker. Make sure this software is always updated.
5. Your employees do not get trained.
Most security problems, particularly at small companies, are from employee-related errors – clicking on bad websites, opening up infected files, etc. Invest in a day of training a few times a year with a good IT security firm so that your employees are well aware of potential problems and can avoid doing dangerous stuff.
6. You have no procedures for securing data.
If you are handling health, financial or other personal information about your customers, and it gets stolen, you could have a big problem on your hands. Keeping this data in an unprotected place means that hackers are going to find it. If this is you, then you’re going to need procedures and policies around the safeguarding of confidential customer data. And after they’re written training will be required to ensure that your employees are complying.
7. Your computers and operating systems are old.
Thousands of computers around the world are still running older, out of date versions of Microsoft Windows. All hackers need is one vulnerable computer to attack and then can get on a network and wreak havoc. One of the best ways to avoid a hack is to ensure that all of your computers are running the most recent versions of Windows or iOS all the time. If a desktop or other device is too old to handle the new operating systems then buy a new one. The cost will pale in comparison to the cost you’ll incur if you’re hacked.
8. You have no BYOD policy.
Are your employees allowed to bring their own devices (a BYOD policy) and use them for work? That’s what most companies do. Unfortunately, this can create security issues if they are not monitored. Many companies use remote management software to install company apps on their employees’ devices for a secure access while other companies issue their own devices to their employees which have been secured. So, what is your Bring Your Own Device policy? Every company must have one and every company must have an IT person monitoring those devices.
9. Password changes are not enforced.
Most people are pretty complacent with passwords – the most common one, if you can believe it, is still “1234.” You must require a more complicated password for your employees to enter your network – a combination of letters, numbers and symbols – and this password should be required to be changed every month or two. That way passwords are more difficult to hack and hackers may move on to another easier target.
No, you can’t completely avoid being hacked. But if you’re doing these nine things you’ve increased your changes a whole lot!
Next Steps: You can start protecting your business by reading Small Biz Ahead’s free, new e-book: How to Safeguard Your Small Business from Data Breaches. This e-book will teach you how to create your own data breach security policy, train employees and respond to breaches. Most important, it provides a list of the most common security threats you need to prepare your business against and the habits you and your employees may have that leave your business exposed to a breach. The e-book is free and available for instant download, so start reading today and learn how you can help protect your business from a data breach.
Being in the business of cyber-security we often find there is a lack of information and awareness both on the part of the employees as well as C level management. Buying a security software does not grant your business a solution against data breaches and theft, it is much more complex than that. Risk assessments should be part of any organization strategies as well as implementing security in a unique layered approach. Now… finding the right company to manage cyber-security is the big challenge.
Thank you for your advice Yessika.
Great tips, but there is a certain irony to the fact that I got a warning when viewing the article that “Certain parts of this page are not secure.” Goes to show that there’s no perfection in data security!
You know there is some good info here but as a security expert you should NEVER require employees to change their password every few months. Encourage a high quality unique password.
I really enjoyed this article since as a law firm, we are very aware of
the ongoing hacking issue. We do most of these things, but I will
definitely implement talking and teaching our employees more and
changing our passwords to much more difficult passwords.
Thank you for the article!
Thanks for your feedback, Deborah!