Five Reasonable Ways to Maximize Data Security

By David Myers

Data Privacy and Cyber Security Partner

Buckingham, Doolittle & Burroughs, LLC
(Provided in cooperation with Ashton Solutions and Sophos)

 

As a small- to medium-size business owner, have you ever thought about what’s involved in protecting your business from a security breach? You may even be asking yourself, “What do I have to protect? I’m not a target.” Consider that even if you own a small company, your data is still valuable to someone – YOU (and the “bad guys”)! Your company’s business process information, client and employee information, and financial records all need protection. Businesses of all sizes are at risk of being hacked. Smaller companies just don’t make the national news the way that really big companies do.

The good news is that it is possible to make big improvements to protect your business and the investment you have in it by following five reasonable steps.

Step 1: Choose the right people.

If yours is like most small- to medium-sized businesses, you, at most, have one or two inside IT personnel. That forces you to hire an Manages Services Provider. How do you know which one is the right one?

It’s critically important that they have the depth of bench you need, with recognized experts in the programs and security measures that matter most. When screening, here are some key questions to ask.

  • Tell me about your business, particularly your cyber security capabilities, like I am a five year old. That will give you an idea of how they answer questions and tell you if they can teach a function or program.
  • How many people work at your company? They do not have to be huge. In fact, most providers that serve multiple industries have about 20 on their team. Some providers who focus on only a few specific industries might have plenty of expertise with even less. Ask how many will be assigned to your account.
  • How many tools/programs do you support? Along with supporting the tools you have in place, consider what you may need. If the service provider claims to support 20 firewall programs, chances are good that they are not an expert with all (or any) of them.
  • How many cyber security experts do you have? In an emergency, one is not enough.

Step 2: Choose the right products.

You already know you’re going to be making an investment. One way to minimize it is to look at what you already have in place, determine if it can still be used and if it’s currently supported by the original manufacturer. If the answer is yes, keep it.

Determine what products you need to invest in, such as firewalls, virus protections software, maybe even servers and updated programs. But there are several security vendors that offer solutions with exceptional protection for affordable prices. You should look into these specific multi-tool protections to ensure comprehensive security.

Step 3:  Identify low-hanging fruit.

Eight out of 10 breaches happen as the result of stolen credentials. Longer and more complex passwords are considered the safest. Also, turn on multifactor authentication EVERYWHERE YOU CAN.

Make sure you’re using what you have and use common sense. Is your virus and security software turned on? And not just the base program, but all the included protections. Does everyone log off when they leave for the day?  And by all means, keep an eye on the calendar. Breaches often occur on or around holiday weekends like Christmas or July 4th, when nobody is even thinking about work. Just prior to the holidays is a good time for a systems check and staff reminders.

Step 4: Ensure teamwork.

Do your internal IT contact and your outside service provider communicate well? Do they touch base regularly? Is there trust? Can they translate technical issues and processes down to the end users and to different levels of the organization?

Step 5: Demand continuous improvement.

Technology is the platform that runs the business. Continuously demand improvements through your team and outside services provider. Always ask about what’s new and what’s better and whether or not your business needs it.  As your business grows, make sure your protection grows, too.

What’s Next?

Put these five basic steps to work for you. And while they may require a financial and time investment on your part, the cost is far less than that of a data breach.

If you would like more information, watch this 1-hour webinar at https://youtu.be/xhU2NjI8-0k https://youtu.be/xhU2NjI8-0k