Alexander Pope said, “To err is human; to forgive, divine.” When it comes to small business or any sized business for that matter, most customers are not all that forgiving, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company. But, data breaches happen and information is lost every day due to small mistakes that could have been avoided. For small businesses, these events can be devastating.
Small business expert and senior USATODAY.com small business columnist Steve Strauss recently shared with us his list of the 12 most common IT missteps most small businesses make. Steve notes that today anyone owning, running or working in a small business has to be as smart about IT as they are about the business itself.
Not surprisingly, many of Steve’s common IT pitfalls involve IT security and data protection. For instance, lack of proper security policies or not having a disaster preparedness plan.
By understanding the IT mistakes other small businesses have made, we hope you’ll be better prepared to avoid them yourself. Here are some tips to help your small business avoid IT missteps that can put the lifeblood of your business -- your information -- in jeopardy.
Armed with this information, perhaps you’ll be a little less prone to err and, in turn, you won’t have to worry about your customers being all the more divine.
- Safeguard important business information. Safeguarding information is critical to businesses of all sizes and SMBs are facing increased risks to their confidential information. One data breach could mean financial ruin for an SMB. Implement a complete security solution beyond just traditional antivirus to ensure proprietary information -- whether it’s credit card information, customer data, or employee records -- is safe. Small businesses’ critical information lives beyond the walls of the office on laptops and mobile devices. To ensure the business is protected, the focus must remain on the information as opposed to the device. Businesses need to look at where their information is being stored and protect those areas accordingly. To do this, it is important to enforce password management for managers and employees. Maintaining strong passwords will help protect the data stored on a laptop if a device is lost or hacked. Encryption technology should also be implemented to prevent unauthorized access to the business network. Helping employees understand this is key – especially since small businesses are becoming increasingly more mobile each year.
- Don’t wait until it’s too late. Disasters can have a significant financial impact on SMBs. The median cost of downtime for an SMB is $12,500 per day. If an outage leaves your company without access for too long, customers will surely have a damaged perception of your abilities and take their business elsewhere. Backup and recovery is a critical component of complete information protection to keep SMBs’ desktops, servers and applications running smoothly in case of disruption – whether it’s a flood, an earthquake, a virus or a system failure. Start mapping out a disaster preparedness plan today. The plan should identify your critical resources, and should include using appropriate security and backup solutions to archive important files.
- Back up important files. If your business runs on information you are playing with fire if you don’t already have a backup for your critical files. Customer information, financial files, etc. should all be backed up in case of emergency. If you need daily access to electronic information have it backed up in a way that you can retrieve it and get back to work. Even small, freak accidents like a virus, Trojan horse, or electrical fires could cost your business thousands without proper data backup. Online storage, or cloud storage, is an affordable storage option that will keep your crucial files safe in an offsite location. Online storage providers host their solutions over the Internet but keep their clients’ information in data centers. By keeping your data backup offsite you can rest assured your information will be safe if a disaster affects your work place.
- Stay free and clear of freeware. Small businesses are looking for the best deal in security software due to tight budgets. However, how does a small business owner explain to a customer that their personal data was breached due to the fact that the “free” security solution that the business installed didn’t protect them against the latest threat? Free AV is very basic. While you need antivirus, you also need more - you need a complete security solution that protects your business from today’s complex threats. The recent “Imsolk” threat is a good example of why free security is a risky decision. Symantec Endpoint Protection blocked the worm before it became a problem for users – something many freeware solutions can’t do as they're reactively responding to threats, instead of proactively combating them. There are so many attack vectors nowadays to consider, and small businesses want to know that their software is preventing those attacks.
- Educate employees. Develop Internet security guidelines and educate employees about Internet safety, security, and the latest threats. Part of the training should focus on the importance of regularly changing passwords and protecting mobile devices. Maintaining strong passwords will help you protect the data stored on a laptop if a device is lost or hacked. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Have employees change their passwords on a regular basis, at least every 90 days. Social networking also presents risks. Employee training should emphasize to conduct social networking with care and caution. Don’t open unidentified links, chat with unknown people or visit unfamiliar sites. It doesn’t take much for a user to be tricked into compromising a device and the information on it.
- Change with the landscape. New developments in technology, software and security are always emerging, and threats are changing too. One of the best ways for small businesses to stay safe and effective is to adapt with the improvements that become available. Not doing so would be the equivalent of choosing to be vulnerable. Small businesses should do whatever they can within their budget to regularly update their devices and software with the latest available.