More Security Tips for Online Businesses
7: Keep an Eye on Your Employees
We're not saying you've hired any shady characters, but employees are a common source of security breaches — 60 percent of them occur within the company, according to a survey by the International Data Corporation [source: Staff Monitoring]. For that reason, employees should be given access to only as much sensitive information as they need to do their jobs, and no one person should be able to access all data systems. Employees should be required to get permission before they install any kind of software on their work computers. Lock up laptops when they're not in use.
Even "innocent" employees can cause security breaches, so no matter how small your company is, it's vital that everyone is trained on all security issues. Require them to have strong passwords. Using the Internet for personal matters can lead to breaks, so make sure to have a very clear email and Internet use policy. Everyone should know to never open attachments or links in unsolicited emails. Require strong passwords that must be changed at least every few months. Your employees should also be aware that an attack doesn't have to be web-based — hackers have been known to impersonate employees on the phone in order to get passwords and account information out of IT help desks.
6: Be Smart About Smartphones
A desktop computer and a landline used to be all we needed for a solid day of work — simple, effective and fairly straightforward in terms of security. But now it's a completely different story. Sure, many people do sit at a desk all day, but most of us carry around laptops, tablets, USB drives and smartphones, all of which we might use for both professional and personal reasons. This, clearly, is a security nightmare.
And then there's the not-insignificant concern of lost smartphones. A lost business phone in the wrong hands could be a complete disaster. At the very least, all phones used to conduct business should have password protection, whole-disk encryption software and a remote lock-and-data-wipe app. That way, you can erase all the information on a lost phone and prevent anyone else from using it.
5: Do "Remote" Right
The rise of flexible work-from-home policies has been a major trend in recent years, which is generally great for employee morale but not so great in terms of security. It's tricky but obviously crucial to keep up security measures when employees are doing their jobs remotely. The guidelines about smartphones apply here, but you also need to ensure that strong safeguards are in place on all company computers and devices, no matter where the employee is working.
To that end, make sure that anyone who uses the company network from home has a strong firewall system. You should also utilize virtual private network (VPN) software to protect data, encrypt Internet traffic and ensure security on all remote computers. It'll also update software and check for viruses.You can require extra passwords for remote access. Warn employees to avoid connecting to public wireless networks and to never submit sensitive information or perform business transactions on public WiFi.
4: Consider the Cloud
All of these security warnings and instructions might cause a panic in a cash-strapped, struggling small-business owner. Good security is just as important to a 10-person business as it is to a huge corporation, but it's a lot to take on. That's where cloud-based services come in — they're a godsend to anyone who doesn't have the the funds, time or staff to install and monitor security systems. To get this level of security, you used to have to invest in email and file servers and hire at least one IT staffer or consultant.
Subscribing to a cloud service lets you hand over data-security duties to a company that specializes in handling these things. It's also an easy way for employees to retrieve data remotely, although you should definitely control and limit access to the cloud account. Cloud services can monitor employee Internet use.
But also be aware that you can't just sit back and relax when you have a cloud service — they won't make you invincible. You have to cede a lot of control to a third party and trust them to be reliable, which can be an uneasy proposition. Most experts recommend backing up your data to both a hard drive and the cloud.