Get Your SMB's Data Security Plan in Shape


We've got an easy way to get back in shape now that the holidays are over.

Not you, owner and proprietor. You look great. It's your data security that could use a new fitness plan.

Now is the perfect time to start. With a new year upon us, re-examine your organization's data lifecycle: how data is collected, used, transmitted and destroyed.

SMBs are increasingly at risk from hacker attacks and digital conmen. The percentage of targeted attacks on small businesses doubled in the first half of 2012, compared with the first half of 2011. More than a third of the attacks were aimed at companies with fewer than 250 employees.

Here are five steps to trim, tighten and tone your data waistline. Follow this data diet to get your network security into shape:

Step One: Limit Mobile Devices. Smartphones really are just small computers that have the ability to access corporate systems like any remote laptop or connected computer terminal. But they’re a whole lot easier to lose. One way to slim down data exposure is to limit your business’s mobile phone use. If that's not an option, treat them like computers: Pick your device carefully, require encryption and user authentication, and control available apps just like you would full-size computer programs.

Step Two: Encrypt. Does your business handle sensitive data? Then database encryption is a must. Even if hackers get into a system, they can’t view encrypted data unless they have specific encryption keys. If your company issues notebook computers, which can easily be lost, whole-drive encryption programs are also a must. They can lock out thieves, even if the computer is in their hands.

Step Three: Train. Your business is only as fit as its weakest link. And while you can’t require employees to spend time in the gym, you can require security training and testing. Drill them on the basics of secure passwords, access controls, and proper data-handling protocols. If your staff is security fit, your computer systems will follow.

Step Four: Employ a Smart Data Lifecycle. In this age of data mining, it's tempting to want to keep client and employee information forever. But with that comes a risk—a costly one. Mitigate this risk by asking only for necessary information, storing it in a secure manner and destroying it when it's no longer needed. A smart data lifecycle—knowing what you need, how long it should live, and how to dispose of it—ensures minimal damages if and when the hackers attack.

Step Five: Vet, Vet, Vet. Just because you’ve gone on a data diet and slimmed down your risk profile doesn’t mean your partners and third-party vendors have. Vet, vet, vet any company that has access to your systems or employee resources. To not vet partners is like letting the Sons of Anarchy house-sit for the weekend. Only deal with companies that take their digital waistline as seriously as you do.

For additional support, contact your insurer, which may offer data defense services from CyberScout.