Breaches are not just for the big boys. Small and medium-sized businesses (SMBs) face the same cyber security threats as large companies, but with only a fraction of the resources. Rather than have an entire IT department dedicated to various aspects of security, small businesses often have just one IT person (if that!) who has to wear a lot of hats — which means security can slip through the cracks.
There are over 7 million small and medium-sized businesses in the U.S., and companies with between 1 and 1,000 employees account for a whopping 57% of breaches.
Unfortunately, small companies also have the most to lose from a data breach. Stolen data can destroy customers’ trust and ruin a business’s reputation, which is deadly for a company with a small customer base. A breach can also result in huge monetary loss; a $100,000 loss to a multimillion-dollar corporation may not make that much of a difference, but if you’re only bringing in $500,000 a year, the consequences can be devastating.
No matter how many employees you have or how much money your business brings in each year, staying on top of security concerns has to be a priority for all business owners. We’ve rounded up the top five security concerns small businesses face — from hiring untrustworthy people to small business payment processing that isn’t secure — so you can take appropriate measures to keep your company safe and your customers happy.
- Weak Passwords
Creating strong passwords is one of the easiest, and best, steps you can take to secure your data. Using a basic or easily guessed password opens up every aspect of your business to attack. A few keystrokes later, hackers have access to your bank information, secure business files, payment data, subscribed customer lists and more.
Take the time to create strong, unique passwords for anything that requires it, from logging into company email to accessing secure servers. Make sure all your employees are following suit as well, and your business data will be more difficult to obtain.
If you want to learn more about password security, check out our ultimate guide to creating a secure password.
- Lack of Employee Training
This goes hand-in-hand with creating strong passwords. Many employees don’t fully understand the importance of data security, which means they may not make the best choices when it comes to their digital presence.
Hold frequent information and training sessions to educate all employees on the role they play in keeping information safe, and what to do in the event of a breach. The more they understand how they can help, and how serious the consequences could be, the more willing they will be to do their part.
- Trusting without Verification
This goes for both employees (current and prospective) and vendors you work with. We’ve already discussed how small businesses are easy targets, and not just from hackers sitting in a basement three states away. You have to make sure the people working for you are trustworthy and the vendors you work with deliver what they promise. As mentioned, the risk is too great for small companies to take.
Background checks may be expensive for small businesses, but they’re worth it. At the very least, dig into the social media presence of prospective employees to get a feel for the kind of person you’re hiring. Have vendors provide details on their cyber security, backup and the personnel involved in your account should you decide to work with them. Also be sure to get signed contracts that spell out consequences should the vendor not deliver — especially technology vendors and cloud service providers.
- Mobile Point of Sale (mPOS) Security
Mobile payments via tablets and smartphones are often the small business credit card processing system of choice. However, using these devices gives malicious hackers an opportunity to access payment information and leave malware on them. Merchants can’t modify these devices to add further levels of security, so they have to wait for the devices to evolve on their own.
When using an mPOS system, look for small business payment solutions that use PCI-validated point-to-point encryption (P2PE) technology, like Bluefin’s QuickSwipe Mobile, to keep your data safe from attack. These systems encrypt cardholder data so if a hacker intercepts it, it won’t be of any use to them.
- The Internet of Things
The Internet of Things, or IoT, is a term that refers to the ability of multiple devices to connect to the Internet and share information with other devices and people (for example, your laptop can send information to your phone, and your watch can send messages to your spouse’s tablet). These devices store a lot of information about you and your surroundings that can easily be accessed by others.
Because these devices connect directly to the Internet, hackers can use them as a way into your local network, and an attack on one device can lead to attacks on other connected devices. You can avoid this by limiting the number of devices connected to your business network: only allow devices that need to connect for business purposes.
Taking a Holistic Approach to Security
When it comes to protecting your business from cyber attacks, no security measure is too simple or too small. Taking a holistic approach to your company’s digital security will save you time and money in the long run (because recovering from a data breach is no easy process) and keep your customers happy. If you have questions about secure small business payment processing or how to better protect your customers and company, contact us.