One of the most important things any small business can do is commit to having a cybersecurity plan. Businesses need to protect their valuable data, systems and information from dangerous cyber threats. If they aren't taking the necessary precautions, they can lose data and finances and, in some cases, even fold.
CO—’s latest Roadmap for Rebuilding panel was focused on protecting business data and assets from cyber threats. Jeanette Mulvey, editor-in-chief of CO—, spoke with four experts about the current threats facing small businesses and what small business owners need to know about securing their companies.
Every small business should be taking basic steps to protect themselves
Creating a cybersecurity strategy for a small business can seem overwhelming initially. However, Tara Holt, senior product marketing manager, Iron Mountain, suggested a few simple steps that every small business can take to enhance their protection:
Create strong passwords for every individual user that are changed frequently.
Set up multi-factor authentication on all business devices and applications, which adds an extra layer to their security.
Use encryption, a VPN and a secured network to ensure all data transmitted back and forth stays secure.
Bahar Ferguson, president of Wasatch I.T., compares taking these steps to starting a new diet or workout plan.
“If you think that you need to be at the end at the start, you're just going to get overwhelmed and not be able to do any of it,” said Ferguson. “Just take those little steps — turn on multi-factor authentication, get a password manager. Just start chipping away at what you need to do and you'll actually succeed.”
Businesses that use credit cards need to become PCI compliant
Any business that processes credit cards must follow the Payment Card Industry Data Security Standard (PCI DSS). This means ensuring that all e-commerce platforms, point-of-sale machines, hand swipers and any other methods through which a credit card is processed are PCI compliant. Companies that are not PCI compliant and have a security breach are subject to hefty fines.
Renee VanHeel, founder and president of Pay it Forward Processing, said she has seen businesses go under because they haven't been PCI compliant.
“You'd be surprised how many businesses have no idea what PCI compliance is,” she said.
Saïd Eastman, CEO of JobsintheUS, recommended that when choosing a credit card provider, you ask directly whether the company offers PCI compliance services.
“It's crucial ... that they assist you with that … because it can get very complex,” VanHeel added.
The impact of security breaches can be minimized by backing up your data
When companies experience a ransomware or other cybersecurity attack, their data may become compromised or even deleted. Your business can minimize the damage of losing its data by securely backing it up.
Holt recommended backing up critical data with a “3-2-1” backup strategy.
“[Make] three copies of data: Two of those copies are on different types of media [so] you don't have a single point of failure, and one copy is actually offset,” said Holt. “That is the recoverable copy that's offline … it's disconnected from a network, so it hasn't been hacked.”
Invest in cyber insurance to better protect your business
One of the best investments a business can make in its overall security is a good cyber insurance policy. Because policies can vary widely — and may not cover every cyber-related incident you may experience — Ferguson emphasized the importance of finding a reputable insurance provider.
“[Make] sure that the company that is servicing that account [has] been around a while [and that] they have a good experience in that space,” she said. “There's a lot of really cheap options out there … [and] as unfun as it sounds, you actually have to read the policy. Run it by your attorney and make sure that it fits. A cyber partner might be able to review that for you and let you know what is the best fit for your company.”