Many small business owners lack the peace of mind that comes from knowing their client data, and ultimately their businesses’ reputations, are protected. Below are 10 ways small businesses can better protect their sensitive information.
1. Use Mobile Device Management Software
Many small businesses issue tablets and phones to employees working in the field. A centralized mobile device management (MDM) tool lets the business enforce a device passcode and storage encryption, lock down or remove apps, and restrict features that could place the devices at risk. Just as importantly, if a device is lost or stolen the company can wipe its data remotely from the MDM console rather than hoping the finder is honest.
2. Disallow Personal Device Usage for Work-Related Tasks
Prohibiting employees from using their personal devices for work-related tasks goes a long way toward protecting data. Once an employee saves company data to a personal device, it is extremely difficult, if not impossible, to remove that data after the employee leaves. Make sure you have a written company policy that addresses personal device use, and if you do allow it, require the devices to be enrolled in your MDM tool so company data can still be wiped.
3. Use Endpoint Encryption
Employees leave laptops unattended in public places (the back seat of a car, for example) and they get stolen. A thief cannot log in without the user’s Windows domain password, but they can pull the hard drive, connect it to another computer and read everything on it. Full-disk encryption (BitLocker on Windows, FileVault on macOS) closes that gap: the drive is unreadable on any other computer because the key is held by the laptop’s TPM and released only to the machine’s own, unmodified boot chain. Two caveats apply. Encryption protects data only while the machine is powered off or locked, so screen-lock timeouts still matter, and the recovery keys must be escrowed centrally (for example in Active Directory) so a forgotten PIN or a failed motherboard does not turn “protected” into “lost”.
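The check and the fix described above, as an added example that is not part of the original article: it reports whether the OS volume is really protected (not just encrypted) and, if it is not, enables BitLocker with a TPM protector and a recovery password escrowed to Active Directory. It assumes Windows 8.1/10 Pro or Enterprise with a TPM, an elevated shell, and that the domain Group Policy “Store BitLocker recovery information in Active Directory Domain Services” is enabled; none of those details come from the article.

```powershell
# Added example, not from the original article. Assumes the BitLocker and
# TrustedPlatformModule PowerShell modules, a ready TPM, an elevated shell, and
# a domain GPO that lets Backup-BitLockerKeyProtector write to AD.

$MountPoint = 'C:'
$vol = Get-BitLockerVolume -MountPoint $MountPoint

# ProtectionStatus is 'On' only when the volume is encrypted AND its key
# protectors are active. A volume can be 100% encrypted with protection
# suspended (for example left that way after a firmware update); the key then
# sits in the clear on disk and a thief can read the drive in another machine.
Write-Output ("{0}  VolumeStatus={1}  ProtectionStatus={2}  Encrypted={3}%  Method={4}" -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionPercentage, $vol.EncryptionMethod)

if ($vol.ProtectionStatus -eq 'On') {
    Write-Output 'Volume is protected; nothing to do.'
    return
}

# Enable-BitLocker -TpmProtector fails without a present, ready TPM.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw 'No ready TPM on this machine; use a password or startup-key protector instead.'
}

# 1. Start encryption with a recovery-password protector first, so there is
#    always a way to unlock the drive if the TPM later refuses (board swap,
#    BIOS change). -UsedSpaceOnly is fine for a new drive; on a drive that has
#    already held data, omit it so previously deleted files are encrypted too.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -RecoveryPasswordProtector -SkipHardwareTest

# 2. Add the TPM protector: the volume key is released only when this machine
#    boots its own, unmodified boot chain, so the disk is useless elsewhere.
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null

# 3. Escrow every recovery password to the computer object in AD. Without
#    this, a forgotten PIN or a failed TPM means the data is gone for good.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId
    Write-Output "Escrowed recovery password $($kp.KeyProtectorId) to AD"
}
```

Run it once per laptop (or push it as a startup script); the first status line is also the quick audit to repeat periodically, because “Encrypted=100%” with “ProtectionStatus=Off” is exactly the state that defeats the purpose.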
4. Test for Backup Data Restorability
Most small businesses receive an email when their backup jobs complete, but a “successful” job status only confirms the job ran, not that the backup data is actually restorable. Corrupt media, a folder that was silently excluded, an expired encryption key or a missing application dependency all show up only when you try to restore. Test restorability on a regular schedule: pick a sample of files or a whole system, restore it to a scratch location, and verify the restored data against the original rather than just checking that files appeared. A “successful” status is not enough to ensure you can recover in the event of a disaster.
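The verification step described above, as an added example that is not part of the original article and is independent of any backup product: it compares a restored directory tree with the live one file by file using SHA-256, reporting files that are missing, corrupted or unexpected. The demo data at the bottom is constructed in a temp folder, and the “restore” is a copy that is deliberately broken so the check has something to catch.

```powershell
# Added example, not from the original article. Runs on Windows PowerShell 5.1
# and PowerShell 7; assumes only that the test restore has landed on disk.

function Test-RestoredTree {
    param(
        [Parameter(Mandatory)] [string] $Source,    # live data the backup was taken from
        [Parameter(Mandatory)] [string] $Restored   # where the test restore landed
    )
    $Source   = (Resolve-Path -LiteralPath $Source).ProviderPath
    $Restored = (Resolve-Path -LiteralPath $Restored).ProviderPath
    $problems = @()

    $sourceFiles = @(Get-ChildItem -LiteralPath $Source -Recurse -File)
    foreach ($f in $sourceFiles) {
        $rel = $f.FullName.Substring($Source.Length).TrimStart('\', '/')
        $r   = Join-Path $Restored $rel
        if (-not (Test-Path -LiteralPath $r -PathType Leaf)) {
            $problems += "MISSING  $rel"          # never backed up, or excluded
            continue
        }
        # Hash compare, not size/date compare: a truncated or bit-rotted file
        # can keep its name and timestamp and still be useless.
        $a = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $b = (Get-FileHash -LiteralPath $r -Algorithm SHA256).Hash
        if ($a -ne $b) { $problems += "CORRUPT  $rel" }
    }

    # Files in the restore that are not in the source usually mean the wrong
    # restore point was selected; report them instead of silently passing.
    foreach ($e in @(Get-ChildItem -LiteralPath $Restored -Recurse -File)) {
        $rel = $e.FullName.Substring($Restored.Length).TrimStart('\', '/')
        if (-not (Test-Path -LiteralPath (Join-Path $Source $rel) -PathType Leaf)) {
            $problems += "EXTRA    $rel"
        }
    }

    [pscustomobject]@{
        FilesChecked = $sourceFiles.Count
        Problems     = $problems
        Passed       = ($problems.Count -eq 0)
    }
}

# ---- Demo with constructed data (not real client files) --------------------
$root    = Join-Path ([IO.Path]::GetTempPath()) ("restoretest-" + [guid]::NewGuid())
$src     = Join-Path $root 'live'
$clients = Join-Path $src 'clients'
New-Item -ItemType Directory -Path $clients -Force | Out-Null
Set-Content -Path (Join-Path $clients 'acme.txt')   -Value 'ACME Corp - contract 2019'
Set-Content -Path (Join-Path $clients 'globex.txt') -Value 'Globex - invoices Q3'
Set-Content -Path (Join-Path $src 'ledger.csv')     -Value 'date,amount'

# Simulated restore: copy the tree, then break it the way a bad backup does.
$rst = Join-Path $root 'restored'
Copy-Item -Path $src -Destination $rst -Recurse
Set-Content -Path (Join-Path (Join-Path $rst 'clients') 'globex.txt') -Value 'Globex - invoices Q3 (trunc'  # silent corruption
Remove-Item -Path (Join-Path $rst 'ledger.csv')                                                            # file never backed up

$result = Test-RestoredTree -Source $src -Restored $rst
$result.Problems | ForEach-Object { Write-Output $_ }
if ($result.Passed) { Write-Output "Restore verified ($($result.FilesChecked) files)" }
else                { Write-Output "Restore FAILED: $($result.Problems.Count) problem(s)" }

Remove-Item -Path $root -Recurse -Force
```

Against the constructed data the report lists one CORRUPT and one MISSING entry and the restore fails, which is the point: schedule this against a real test restore and treat anything other than “Restore verified” as a backup outage, not a warning.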
5. Run a Social Engineering Campaign
The easiest way for an attacker to get into your organization is through your non-technical end users. It can be as simple as a phishing email to the finance department or a phone call asking for information. Enterprise organizations have strict, documented processes for releasing sensitive data; small organizations that lack these processes have become a key target. It’s best practice to have an IT consultant run an authorized social engineering campaign against your staff, then use what was caught to educate them, and to back that up with a simple rule: any request for a payment, a password reset or a client record is confirmed by calling the requester back on a number you already have, never on one supplied in the request.
6. Clean Active Directory
When an employee leaves the company, disable (rather than immediately delete) their user account in your Active Directory domain the same day, remove them from every group, and reset any shared or service passwords they knew. Disabling first keeps the account’s history available for audit; deletion can follow later. Accounts nobody has logged into for months should be swept up on a schedule as well: a forgotten account with a weak or reused password is the easiest way for a former employee or an attacker to walk back in.
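The two routines described above, as an added example that is not part of the original article: one offboards a single leaver (disable, strip group memberships, scramble the password, annotate and park the object), the other lists enabled accounts with no logon in a given number of days. It assumes the ActiveDirectory RSAT module, rights on the target OUs, and a “Disabled Users” OU whose name is a placeholder rather than something the article mentions.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module; the OU path and account names are placeholders.
Import-Module ActiveDirectory

function Disable-LeaverAccount {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        [string] $DisabledOU = 'OU=Disabled Users,DC=example,DC=local',   # assumed OU
        [string] $TicketRef  = ''                                          # HR ticket, for the audit trail
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf, Description

    # 1. Disable, don't delete: the SID stays resolvable in file ACLs and logs,
    #    and the object is still there if an investigation needs it later.
    Disable-ADAccount -Identity $user

    # 2. Group memberships are the usual way back in (VPN groups, shared
    #    mailboxes). Remove all of them; the primary group (Domain Users) is
    #    not in MemberOf and cannot be removed anyway.
    foreach ($groupDn in $user.MemberOf) {
        Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
    }

    # 3. Scramble the password so an account re-enabled by mistake is still unusable.
    $random = -join ((33..126) | Get-Random -Count 32 | ForEach-Object { [char]$_ })
    Set-ADAccountPassword -Identity $user -Reset -NewPassword (ConvertTo-SecureString $random -AsPlainText -Force)

    # 4. Record why and when, then move the object to an OU that no one grants
    #    access to and that your GPOs deny logon for.
    $stamp = "Disabled $(Get-Date -Format 'yyyy-MM-dd') $TicketRef".Trim()
    Set-ADUser -Identity $user -Description $stamp
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU
}

function Get-StaleEnabledUsers {
    # Enabled user accounts with no logon in $Days days. Search-ADAccount uses
    # lastLogonTimestamp, which replicates with up to a 14-day lag, so treat
    # the cut-off as approximate and review before disabling.
    param([int] $Days = 90)
    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days $Days) -UsersOnly |
        Where-Object { $_.Enabled } |
        Select-Object SamAccountName, LastLogonDate, DistinguishedName
}

# Usage:
# Disable-LeaverAccount -SamAccountName 'jdoe' -TicketRef 'HR-1042'
# Get-StaleEnabledUsers -Days 90 | Format-Table -AutoSize
```

Run the stale-account report monthly and feed confirmed leavers into the first function; the description stamp means that six months later nobody has to guess why an account is disabled.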
7. Follow the Principle of Least Privilege
The Principle of Least Privilege states that employees should be given access only to the data and systems necessary to perform their job functions. This limits what a careless or disgruntled employee, a former employee, or an attacker who has taken over one account can leak or misuse. The practical way to compartmentalize users is with role-based security groups in Active Directory: grant share and NTFS permissions and application roles to those groups rather than to individual users, and use Group Policy to keep local administrator rights and interactive logon limited to the people and machines that need them. Review group memberships and folder permissions periodically, because access tends to accumulate as people change roles.
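Two least-privilege checks that follow from the paragraph above, as an added example that is not part of the original article: the first lists every user who holds admin-tier group membership (including through nested groups) together with the facts that usually justify a conversation (stale logon, old or non-expiring password); the second walks a share and flags folders whose permissions were granted directly to a user instead of to a group. It assumes the ActiveDirectory module; the share path is a placeholder.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory
# module and read access to the share being audited.
Import-Module ActiveDirectory

function Get-PrivilegedMembers {
    # Built-in admin-tier groups; nested membership is expanded so a user who
    # is an admin only via "Helpdesk -> Domain Admins" still shows up.
    param([string[]] $Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                                 'Administrators', 'Account Operators', 'Backup Operators'))
    foreach ($g in $Groups) {
        $members = Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue
        foreach ($m in $members) {
            if ($m.objectClass -ne 'user') { continue }
            $u = Get-ADUser -Identity $m.DistinguishedName -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires
            [pscustomobject]@{
                Group                = $g
                User                 = $u.SamAccountName
                Enabled              = $u.Enabled
                LastLogon            = $u.LastLogonDate
                PasswordAgeDays      = $(if ($u.PasswordLastSet) { [int]((Get-Date) - $u.PasswordLastSet).TotalDays } else { $null })
                PasswordNeverExpires = $u.PasswordNeverExpires
            }
        }
    }
}

function Get-DirectUserGrants {
    # Explicit (non-inherited) ACEs for individual users are the usual sign
    # that access was handed out ad hoc instead of through a role group, and
    # they are exactly what gets forgotten when that person changes jobs.
    param([Parameter(Mandatory)] [string] $Path)
    Get-ChildItem -LiteralPath $Path -Directory -Recurse | ForEach-Object {
        $folder = $_.FullName
        $acl = Get-Acl -LiteralPath $folder
        foreach ($ace in $acl.Access) {
            if ($ace.IsInherited) { continue }
            $ref = $ace.IdentityReference.Value
            if ($ref -match '^(NT AUTHORITY|BUILTIN|CREATOR OWNER)') { continue }   # well-known principals
            $sam = $ref.Split('\')[-1]
            $isGroup = [bool](Get-ADGroup -Filter "SamAccountName -eq '$sam'" -ErrorAction SilentlyContinue)
            if (-not $isGroup) {
                [pscustomobject]@{
                    Folder    = $folder
                    Principal = $ref
                    Rights    = $ace.FileSystemRights
                    Type      = $ace.AccessControlType
                }
            }
        }
    }
}

# Usage:
# Get-PrivilegedMembers | Sort-Object Group, User | Format-Table -AutoSize
# Get-DirectUserGrants -Path '\\fileserver\Clients' | Format-Table -AutoSize
```

In a small business the first report should fit on one screen; if it does not, or if it contains service accounts and people outside IT, that is the list to start trimming. Anything the second report returns should be replaced by a group grant so the next leaver’s access disappears with their group membership.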
8. Stay Current with System Upgrades
Upgrading your systems to current versions doesn’t just give you the latest features, it also protects them. Vendors such as Microsoft release patches for security vulnerabilities discovered since the previous release, and a patch only helps once it is installed. Patches also stop worms and other self-spreading malware by closing the vulnerability they use to spread; the WannaCry outbreak of May 2017, for example, spread through a Windows flaw Microsoft had patched two months earlier, so machines that were up to date were not infected.
9. Don’t Use Unsupported Systems
Businesses still running unsupported operating systems are exposing themselves to threats. When a vendor such as Microsoft sunsets an operating system, it stops releasing security patches for it, so every vulnerability found afterwards stays open permanently. Please note that Microsoft ends support for Windows 7 (and Windows Server 2008 R2) on January 14, 2020; inventory your machines now so nothing on that version is overlooked, and plan the migration before the date.
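An inventory that covers both of the preceding points, as an added example that is not part of the original article: for each host it reports the OS version and the most recently installed update, and flags machines that are on an unsupported OS version or have not taken a patch in a configurable number of days. It assumes WinRM/CIM access to the hosts and the built-in Get-HotFix cmdlet; the host names are placeholders.

```powershell
# Added example, not from the original article. Assumes CIM/WinRM access to
# each host. Host names in the usage line are placeholders.

function Get-PatchPosture {
    param(
        [string[]] $ComputerName = @($env:COMPUTERNAME),
        [int] $MaxPatchAgeDays = 45,
        # Windows 7 and Server 2008 R2 report kernel version 6.1; Microsoft
        # ends their support on 14 January 2020, so anything below 6.2 is
        # treated as unsupported. Raise this as older versions fall out of support.
        [version] $MinimumSupportedVersion = [version]'6.2'
    )
    foreach ($c in $ComputerName) {
        try {
            $os   = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $c -ErrorAction Stop
            # Some hotfix records carry no InstalledOn date; ignore those and
            # take the newest dated one.
            $last = Get-HotFix -ComputerName $c -ErrorAction Stop |
                        Where-Object InstalledOn |
                        Sort-Object InstalledOn -Descending |
                        Select-Object -First 1
        } catch {
            [pscustomobject]@{
                Computer = $c; OS = $null; Version = $null; LastPatch = $null
                PatchAgeDays = $null; Status = "UNREACHABLE: $($_.Exception.Message)"
            }
            continue
        }

        $ver = [version]$os.Version
        $age = if ($last) { [int]((Get-Date) - $last.InstalledOn).TotalDays } else { $null }

        $flags = @()
        if ($ver -lt $MinimumSupportedVersion) { $flags += 'UNSUPPORTED OS' }
        if ($null -eq $age)                    { $flags += 'NO UPDATE HISTORY' }
        elseif ($age -gt $MaxPatchAgeDays)     { $flags += "STALE ($age days since last patch)" }

        [pscustomobject]@{
            Computer     = $c
            OS           = $os.Caption
            Version      = $os.Version
            LastPatch    = $(if ($last) { "$($last.HotFixID) $($last.InstalledOn.ToString('yyyy-MM-dd'))" } else { $null })
            PatchAgeDays = $age
            Status       = $(if ($flags) { $flags -join '; ' } else { 'OK' })
        }
    }
}

# Usage:
# Get-PatchPosture -ComputerName 'FS01', 'RECEPTION-PC', 'SALES-LAPTOP3' | Format-Table -AutoSize
```

Run it monthly after Patch Tuesday. An “UNREACHABLE” row is not a pass: a laptop that is never on the network when updates are pushed is usually the most out-of-date machine you own.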
10. Create a Separate Guest Network
Commonly, small businesses have only one wireless network. The downside is that visitors join the same network that provides access to sensitive client and financial information, and any malware on their devices can reach your file server and printers directly. It’s best practice to isolate guest access on its own SSID mapped to a separate VLAN, or on physically separate hardware, with firewall rules that allow guests out to the internet but block all traffic into the internal local area network (LAN). Give the guest network its own passphrase and change it periodically, so the Wi-Fi password written on the reception desk never opens the door to your data.