10 Key Security Steps Every Business Should Take
Even just thinking about protecting your business from all the cyber threats it faces can be daunting. Where do you begin? Do you start with your website, or is it something more basic like having a security plan? Do you train your employees or lock down every computer and let technology do the work? If critical data has to be protected, which data first? Which data most?
It’s this very scenario that creates the biggest security vulnerability for most small businesses. Building an effective security program starts to look like a bigger mountain to climb the closer you get to it, so you put the project off until another day. And in the meantime, hackers can have a field day.
So to help you overcome that feeling of helplessness, and the consequent risks, we’ve put together a checklist of ten things you can do today that will make you safer tomorrow.
1. Write it down. Whatever your security plan is, whether it’s a detailed plan or a one-page checklist, it needs to be written down in order for you to follow, remember, update, and fix.
2. Think about what can hurt you most – sensitive customer data, employee information, partner information, your website, regulatory and compliance issues. Pick the Top 5 security worries you face, place them in order of significance, and start working from the top of the list down.
3. Share the load. There are plenty of external security resources that can help you, from your bank and credit card company to your web hosting company. But also look internally. Talk to your employees, get a team together and pick a team leader whose responsibility it is to keep pushing and monitoring your security.
4. Lock down your website. If you haven’t already done so, make sure you’re using a firm like SiteLock that specializes in protecting business websites. Most website security is now automated, especially for issues like malware removal, which means you can move to the next item on your list.
5. Think mobile. We’ve said it before – smartphones and tablets are powerful and portable computers that just happen to make phone calls. So make sure that any mobile devices used in your business, whether they’re owned by the business or individual employees, are fully protected from malware and other threats. And while you’re at it, make sure you have clear rules on how these devices can be used and what can be stored on them.
6. Do an inventory of all the data you have in your business and all the computers and devices you and your employees use. If you don’t know what you have, you’ll never know what to protect.
7. Wrap your business, your data, and your employees in multiple layers of security. The most effective security is based on multiple layers of perimeter security, so that if one layer fails you’re still well protected.
8. Test often to look for weaknesses and failures. For example, if you have a policy that prohibits employees from sharing their passwords with other employees, create a fake email that asks employees to confirm their passwords. You could create a very powerful teaching moment for all employees.
9. Don’t forget about physical security. Do a physical security audit of your office and any other facilities so you can see your business from the perspective of a physical intruder who might be targeting your files or computers.
10. Don’t forget about personal security. Hackers are increasingly targeting CEOs with things like phishing emails, often in the hope that a busy boss will make the hurried mistake that allows the latest nasty piece of malware to sneak into the business.