As a small business owner, who may lack the resources for dedicated IT support, you’ll understand the importance of choosing technology that runs smoothly and efficiently with the minimum of intervention on your part. However, malign outside influences, such as spyware and man-in-the-middle attacks, are an ever-growing risk and it’s essential to take appropriate precautions to guard against them. Here are six of the most important.
1. Know what information you are protecting
It’s a sad but true fact that hackers often view small businesses as easier targets than larger ones. Small businesses that act as third-party providers for larger companies can be particularly vulnerable as a result of the sensitive information contained within their systems. Consequently, the first step towards ensuring your business does not fall victim is to understand what sort of information you have that a hacker might want.
Once you have a clear picture of the data stored on your existing systems, it’s time to consider whether you really need all of it. After all, if it isn’t there, it cannot be intercepted, corrupted or stolen.
2. Strong passwords and two-factor authentication
Strong passwords alone are not sufficient to provide the requisite protection against a hacker determined to impersonate a legitimate user. Current best practice recommends the use of two-factor authentication, which, in addition to a password, requires users to confirm their identity either with a single-use code sent to their mobile device or with a personalised USB token.
3. Security software
As an absolute minimum, your company’s desktops, laptops, tablets and smartphones must have the latest operating systems, web browsers and security software. If it’s an option, turn on automatic updates to ensure you don’t miss anything crucial.
Good security software means more than antivirus systems and firewalls. It also includes spyware removal tools and encryption tools, such as virtual private networks (VPNs).
VPNs are an excellent tool to keep internet use private. They allow a user to hide their online activities by sending encrypted information to a VPN server. The VPN server then passes the traffic on to the intended destination. Consequently, VPNs provide two significant benefits: the data encryption makes it much harder for unauthorised parties to access private information, while the use of the VPN server means that the network of origin does not appear as the obvious source of that information.
4. Secure file sharing
Even if you’re a sole trader, at some point it’s likely that you’ll need to share digital information with a client or supplier. A huge number of cloud storage and file sharing providers compete for business, and it can be difficult to pick out the best.
The competition means that cost is rarely an issue, but you’ll need to know what you’re getting for your money. For example, are you signing up with a provider who’s directly responsible for storing your data, or is a third party involved? Similarly, if information is stored across more than one data centre, how is the information distributed? Don’t rush your decision, and do make sure you compare the various features of the different providers.
5. Know your GDPR
Your customers, suppliers, contractors and employees expect you to look after their information. More than that, UK law, in the form of the General Data Protection Regulation (GDPR), requires you to safeguard all personal data in your keeping. Introduced in May 2018, the GDPR governs data protection across the European Union (EU) and its application to the UK will remain unaffected even following Brexit.
The basic principles of the GDPR require you to:
- store personal data securely
- keep personal data for no longer than is necessary and delete it as soon as you have no further need for it
- ensure access to personal data is restricted to those people who need to use it
- transfer personal data securely and appropriately
The financial penalties for breaching the GDPR are potentially very significant. As part of your commitment to avoiding such breaches, you should ensure that your company has a privacy (or fair processing) notice that is easily available to customers and employees alike. In addition, you must report any breaches to the Information Commissioner’s Office within 72 hours of becoming aware of the breach.
6. Regular employee training
The best privacy and security defences in the world are only as good as those who implement them and work with them. Even if you employ only a handful of people, it is essential to keep them up to date with the company’s security safeguards. Doing so is also an important means of ensuring compliance with the requirements of the GDPR.