When it comes to your cybersecurity, tell all your employees to follow best practices
Q: I just read that October is National Cybersecurity Awareness Month, and it made me think about whether I’m doing what I should to protect my data. I don’t want anyone hacking into my computer files and stealing my customers’ or suppliers’ information. Any tips for a small business?
A: Too many small businesses think they aren’t at risk simply because they’re small. But as you point out, you have customer and supplier data to protect, and you have critical employee data, bank account information and contact info for your bankers, lawyers, accountants, etc. That all could be of interest to a hacker.
Start by putting someone in charge of cybersecurity, but make sure that everyone knows the buck doesn’t stop there. It’s everyone’s responsibility to follow best practices.
Take an inventory of data you have that could be useful or profitable to a hacker, such as human resources records and credit card numbers. Also inventory devices like desktops and tablets, and operating systems and software. Determine whether the versions you are using are still supported. Be sure you have installed and are regularly updating virus protection. Once you know what you have, you can put protections in place.
Determine who has user privileges and who really needs to have them. Access to sensitive data should be limited to key personnel and IT staff. Control physical access to your computers as well. Laptops, tablets and smartphones are easily stolen, so take particular care with them. Whenever an employee leaves, voluntarily or otherwise, immediately deactivate accounts and access.
Take a good look at your password policies. Passwords should be complex and set to expire after 30, or at most 90 days. Employees should not use the same password for everything. Warn employees not to use public WiFi for work devices. Provide them with hot spots if they do a lot of traveling.
The good news is there are resources to help small businesses develop policies and establish best practices. UH Bauer College SBDC offers a day-long workshop called “Protecting Yourself in a Connected World.” It’s being offered Tuesday and on Nov. 8.
The $19 entrance fee for you and a colleague includes lunch and the SBDC’s “Cybersecurity for Small Business” workbook. Register at sbdc.uh.edu.
The Greater Houston Partnership has a free online guide and assessment tool at houston.org/cybersecurity that can help you determine what safeguards you need to put into place. The U.S. Small Business Administration offers advice at sba.gov/managingbusiness/cybersecurity/.
When you have your cybersecurity system up and running, tell your customers and suppliers about the steps you’re taking to protect their data. They’ll feel more secure knowing you’re doing all you can to limit their exposure as well as yours.