Next Wave Ideas – Why It’s Important for Small Business to Keep Data Safe

Why It’s Important for Small Business to Keep Data Safe

Shaun Wiggins, President and CEO of Soteryx Corp

It is ironic that as small businesses have become increasingly complacent about news headlines highlighting massive data breaches — i.e., Facebook, Yahoo, Equifax and Target — the threat of data breaches among small businesses is greater now than ever before. It is painfully clear that cybersecurity policy, training and operational risk management solutions remain insufficient to protect businesses against cyber threats. Lack of awareness among the small business community, and proper training among staff is the main reason data breaches continue unabated.

This is clear when most surveys conclude that more than 80 percent of small businesses don’t believe they are at risk for a data breach. Yet the majority of cyberattacks target small businesses, resulting in 60 percent of those businesses going bankrupt within six months of the incident. Research reveals that as much as 74 percent of small businesses admit that they have no cybersecurity safeguards in place, no cybersecurity insurance policies, and no cybersecurity procedural training for staff. In some business circles, this lack security processes and procedures would amount to negligence.

This is likely to change as legislation continues to catch up with data breaches, especially considering data privacy scandals such as we have recently witnessed with Facebook’s latest controversy. Looking toward the not-so-distant future, businesses will more than likely assume legal liability if regulations become law, targeting all businesses that have access to an individual’s personal data.

Small businesses need to immediately adopt practices to help safeguard data. What can you do to make your business safe? The first thing is to realize that the question is not whether your business may be targeted, but when, especially if your staff is not trained properly on how to keep your data safe. Education and training is critical to maintaining a safe IT infrastructure given that almost 65 percent of data breaches happen due to internal staff negligence.

Second, the key to protecting your data is to find the right cybersecurity and crisis management consultant to assess your vulnerability profile, advise you on the steps you need to take to prevent data breaches, and remain compliant with regulations that could prevent you from doing business in the future. A cybersecurity specialist will be able to help you:


1. Determine what data you have that is considered confidential

“Confidential” data is defined by law, and includes, but is not limited to a customer or client’s personally identifiable data like social security number, home address, bank account numbers, etc. For business clients, this can include confidential information like financial information, business plans, and sales information, and trade secrets.

2. Remain Diligent Regarding Background Checks

As much as 70 percent of fraud in small businesses is committed by employees. As a result, background checks are essential before giving employees access to data, which if leaked, makes you vulnerable to loss of business and lawsuits by those whose information has been made public.


3. Secure Your Network

Strong encryption is a critical first step to protecting your data. It is also important to disable the broadcasting function on your network to prevent it from being visible to third parties.


4. Build A Firewall

Malicious software, or malware, can gain access into your network system, resulting in programs breaking down, and loss of data. Building a secure and dedicated company network is major step to prevent breaches. The internal network must also have strong built-in security.


5. Store data safely

Look where you store your data. Cloud storage offers increased data security and allows employees to easily access information wherever they are. Also, because resilience is critical, be sure to regularly back up your data in a different, secure locations.


6. Control data use

Be selective when giving staff access to different types of data. This allows you to isolate and minimize potential breaches.


7. Encrypt Your Data

Encrypting data helps to protect the confidentiality as it is stored on computer systems and transmitted across the internet or other computer networks..

8. Train your staff

Spending money on consultants, new software, or fancy equipment will mean nothing if your staff is not trained properly. This is because most data breaches occur due to internal staff negligence.

9. Include Your Employees in Creating Security Policy

Make sure your staff understands the information your company’s cybersecurity policies and procedures. Employees are an integral part of implementing any security upgrades you decide are necessary to keep your data safe. Only your staff can tell you if your security standards are relevant, working, and have essential security components because they are working with the data day-to-day.

10. Include Mobile Devices in Your Company’s Security Plan

Whether employers admit it or not, company information — especially communications — will end up on employees’ personal devices like mobile phones. As a result, it is critical that your business articulates security requirements and training along with privacy policies to your employees that includes any of their personal devices.

Shaun Wiggins is president and CEO of Soteryx Corp., a technology company that helps protect and promote businesses of all sizes. Shaun is recognized as a leading authority in analytics-based online and offline engagement. He has more than 25 years of experience in understanding the psychology related to what motivates individuals to act as well as how they can be motivated. Shaun has used his expertise in stakeholder relationship engagement to develop algorithms that analyze individual and group behavior to help businesses and governments employ predictive analytics used to develop engagement strategies. Shaun has expert project and program management experience related to the secure use of individuals’ and communities’ use of data.