Whether you’re a long-standing community business or a new web-based start-up, many of your transactions will be conducted online. Digital transactions and communications can expand your marketing reach and enhance efficiency, but they can also expose you to the same types of security breaches that larger organizations experience. What’s a small business to do? The Pennsylvania Institute of Certified Public Accountants (PICPA) offers this advice.
Recognize That You’re a Target
While we often see reports of hacking at large organizations, many owners of smaller companies incorrectly assume they’re immune from the danger. Small companies are just as vulnerable—and many have been victims already. A study by the Ponemon Institute found that more than 61 percent of small and medium-size businesses surveyed had security breaches in 2017, up from 55 percent in 2016. Being aware of the problem and the need to address it are critical first steps.
Get Employees on Board
How many of your employees use the word “password” as their password? It’s up to you to educate your people about the dangers that security breaches pose and to set clear tech policies. That includes requiring staff to use strong passwords that must be changed at specific intervals (i.e., monthly), encrypt data properly, recognize and avoid phishing attempts, and initiate automatic locking on computers when they’re not in use. All new staff should be trained in your computer security procedures, and it’s a good idea to regularly conduct updates for existing employees.
Monitor Mobile Devices
Your security procedures should encompass rules for employees’ cell phones, tablets, and laptops. Many organizations allow workers to bring their own devices, meaning they can use personal technology for work. Guidelines are needed for what kinds of data can be accessed or used on these or any other devices used in your business. Hacking or theft is of particular concern when devices are used remotely and connected to the internet through unsecured Wi-Fi. Employees should be trained on the importance of protecting confidential company and customer data. In addition, employees should be aware of how to report the loss or theft of a mobile device that contains business data or that connects to the organization’s systems.
Keep Your Security Up to Date
Make sure you have the latest version of your security software and that you download all necessary updates for your other software as they become available. Install a firewall that prevents outsiders from accessing your data or systems. Technology used by employees who work from home or other remote locations should also be protected by a firewall. Also, secure and password-protect your organization’s router.
Set Sensible Limits
Employees should have access only to the data and systems that relate to their jobs, and no more. That’s particularly true of confidential, personal employee or customer data in your systems. But don’t stop there. An IT staff member’s login may allow him or her to make changes to the system, but other workers should have separate logins that prohibit that access. In addition, workers shouldn’t be allowed to load their own software onto company computers.
Turn to Your CPA
Worried about the many challenges a small business may face? Whether you’re concerned about technology issues, the need to raise capital, marketing, or any other challenge, your local certified public accountant (CPA) can help. Turn to him or her for expert advice on all your business issues. To find a CPA in your area or for more financial tips, visit www.picpa.org/moneyandlife.