7 Steps Small Businesses Should Take to Improve Data Security


Cybercrime and security breaches are not only costing businesses millions of dollars, they are ruining their reputations. Providing the strongest data security is now an essential element of running a business. Here are seven specific steps that small businesses can take to update and improve data security.

1. Create Better Passwords

Passwords are simple, yet they are the first line of defense when protecting data. According to American Express, passwords should be complex, random and lengthy. While creating strong passwords in the first place is better than changing poor passwords on a regular basis, passwords should still be changed at least a few times a year.

It’s also recommended to use different passwords for different accounts and sites. This can ultimately mean coming up with a lot of passwords to remember, but it’s an important step when protecting data. Finally, small business owners shouldn’t use automatic login features. Again, this may seem like more work but can make a difference in data protection.

2. Educate Employees

Employees must understand the expectations of the organization they work for. A detailed process should show how to handle customer and employee information and what type of information can be given out and to whom. Not opening suspicious emails or links, removing unauthorized apps, and always keeping sight of mobile devices are habits every employee should develop.

Once standards are in place it’s crucial that they apply to everyone at all times. Any time exceptions are made, the business is putting itself at risk. It’s important to remember that people are creatures of habit and need to be reminded often to develop good practices. This means regular meetings and updates regarding the business’s data security policies.

3. Put in Place a Strong Firewall

Some small business owners may wonder if they even need a firewall. The answer is a definite yes. A firewall is either a type of hardware or a software program.

Whether it’s a payment terminal that’s connected to the internet or customer information that is obtained online, having an associated strong firewall is essential. My Digital Shield states that many standard firewalls only monitor incoming traffic. A system also needs to protect outgoing traffic that may contain a customer’s financial transactions, including credit card numbers.

4. Use Top-of-the-Line Antivirus Software

While a firewall works like a screen by monitoring and blocking access from unauthorized sources, antivirus software provides another level of in-depth protection. Antivirus applications can detect, prevent and remove a variety of items, including spyware, viruses and trojan horses.

Installing the best antivirus software is crucial to protecting data. Good antivirus software will basically run itself, but it does need to be monitored and updated on a regular basis. Top Ten Reviews describes several general areas that a business owner should consider when choosing the right antivirus software for their company:

  • Pricing
  • Protection & Performance
  • Security Features
  • Management Features
  • Help & Support
  • Supported Platforms

5. Secure Laptops and Mobile Phones

Today’s mobile devices, including phones, contain almost as much important data as what is found in computers. Data used in tablets, laptops and mobile phones are often more vulnerable because these devices are used off-site. A small business owner needs to follow several steps to make sure the devices that employees use are secure:

  • Enable remote wiping if a phone is lost or stolen.
  • Install encryption software.
  • Install automatic locking if a device is not used for a period of time.
  • Activate update alerts as soon as possible. Updates increase security.

6. Complete Regular Backups

Every organization should complete backups on a regular basis. According to Tripwire, data should be backed up at least once a week. Incremental backups can be done even more frequently.

A business owner should have local backup as well as offsite backup. Onsite backup will give the business immediate access to any data that is lost or deleted. Offsite backup will provide data in the case of theft, fire or a natural disaster. Tape backups can be used for long-term storage. However, cloud-based backup is now generally used for most offsite data storage.

7. Know Your Legal Obligations

Business owners are increasingly becoming responsible for the protection of certain types of data and can be held liable when data is compromised. The Federal Trade Commission (FTC), along with a variety of federal and state statutes, now requires businesses to play a crucial role in preventing a data breach and responding appropriately if and when it occurs.

NJord Law Firm states there are several legal data protection requirements in place that a business must comply with. A few include a minimal processing of data, transparency when obtaining and processing data, and notifying authorities within 72 hours of a data breach. Since laws regarding data can be complicated and change often, business owners should consult with an attorney regarding their legal obligations.

Every small business must have specific data policies in place. These policies must be implemented and maintained to protect the business, but they must also be reviewed and updated on a regular basis. The future of every business often hinges on how reliable their data security is and how detailed their plans are should a cyber-attack occur