One thing about your business that you can be sure should always be kept confidential is your data. There is no doubt about it, and there is no such thing as “unimportant” data. Anyone who is smart enough to extract data from your servers is definitely smart enough to bring together seemingly unrelated and irrelevant data to build meaningful bits of information that could then be used to harm either your business or the subjects of the data, who are more than likely to be your trusting customers.
For example, the combination of names, dates of birth, addresses (physical or digital), and social security numbers could be used to build a personal profile good enough to fool financial institutions like banks. Even if the hackers don’t use the information directly for financial gain, they can use it for identity theft – which again, of course, leads to the risk of losing privacy and money.
Therefore, you, as a business owner, should always keep your eyes open for security flaws in the setup of your business and its websites. Below, we will see 7 key steps you will need to take to minimize the risk of anyone penetrating your system:
- A Policy – every business should have a technology policy that covers all aspects of access, security, data usage, and sharing of information. A quick search online should give you a pretty good picture of what a good policy would look like. Download a template and customize it to reflect your business’ environment. Go back to it every once in a while to update and improve it as the situation requires.
- Passwords – although they will be covered by your policy, you should still take a special look at the way passwords are set and used in your business. Make sure you (and your staff) have a rule that puts everyone on the same page: no one should use default passwords. They should never use simple passwords that even a 7-year-old can guess. Everyone should have passwords that combine numbers, special characters, and both upper- and lower-case letters. No two staff members should share a password… In short, take recommendations from security companies and tech giants and implement them.
- Firewalls And Corporate Anti-Viruses – these two pieces of technology keep working to protect you at all times, even after you turn off the office lights and head home. It is almost unthinkable to have a website and/or network and not have them sit behind both of these security applications/hardware. You should invest in the best that technology has to offer. Some of the best security companies have amazing deals on their latest products, but even if they are a bit expensive, you should still go ahead and get them. The price is worth it considering the damage that not owning them could cause.
- Compartmentalization Of Data – not everyone needs to see or access all of your data, and the same applies to your own employees. Your data should only be accessed by those who absolutely require it to perform their tasks. For people outside the business it is much simpler: no one should have access to data other than that which belongs to them. Therefore, set up a scheme (even if it means using multiple servers and/or databases) to keep data compartmentalized. In case of an attack, the bad guys will only be able to get partial data, and if your employees were to go rogue (knock on wood), they would only be able to get half the information out.
- Encrypt Data – whenever possible, keep your data encrypted. Whether it is in transit (between you and your users/consumers) or stored on local servers or on those you rent from hosting providers, make sure your data is encrypted. Again, this step might leave you a little out of pocket, but the fact that attackers will not be able to use any of the data they have taken from you makes it all worth it.
- Clean Connecting Devices – nowadays it is common to see employees come into the office lugging their own devices – hence the abbreviation BYOD, which stands for “Bring Your Own Device.” You should make sure the devices and gadgets are clean before they are allowed to join your network. Have employees install your antivirus and other security software to enforce your policies before they are allowed to log in to the network. Keep monitoring for changes such as people blocking your policies or uninstalling or tweaking your applications.
- Keep It Updated – once you have all these features in place, make sure that everything is updated on a regular basis. In fact, it wouldn’t be too bad an idea to have all your software automatically search for, download, and install the updates that manufacturers send out – so adopt it.