Too Small to Hack? Think Again!
- 77% do not have a formal written Internet security policy for employees.
- 63% do not have policies regarding how their employees use social media.
- 60% say they have a privacy policy in place that their employees must comply with when they handle customer information and half (52%) have a plan or strategic approach in place for keeping their business cyber secure.
- More small business owners (45%) say they do not provide Internet safety training to their employees than those that do.
- Two thirds (67%) allow the use of USB devices in the workplace.
- Six in ten (59%) say they do not require any multi-factor authentication for access to any of their networks, and only half (50%) say that all of their machines are completely wiped of data before disposal.
What to do?
As silly as it might sound, one of the first lines of defense is to put a privacy policy in place, so customers know what information you collect and how you use it. The second step is to follow the policy. If something were to go wrong and your business systems were unlawfully accessed and/or information breached, the first thing you will need to be able to produce is a privacy policy and be able to illustrate what steps were taken to act in accordance with it.? In maintaining awareness surrounding the information your business has about its customers and by routinely deleting the information you don’t need, your business will mitigate its risk.
Finally, follow these best practices, from StaySafeOnline.org:
- Fully protect your own computer systems and keep software, browsers and operating systems current.
- Scan everything you attach to the network.
- Keep hackers out with a good firewall.
- Filter for spam.
- Train employees to be vigilant.
SMART TIP:? Invest in developing appropriately stated and structured policies and practice strong security measures now, so you don’t have to do it after a breach.