Security breaches seem to be on the rise throughout the U.S., prompting many businesses to reevaluate the security measures they have in place.
In a recent article on the Business News Daily website titled “8 Security Habits Putting Businesses at Risk,” staff writer Sara Angeles discusses how easily certain actions can lead to a security breach, causing many customers to lose trust in the affected business.
“Security breaches are detrimental to any business,” writes Angeles in the article. “In addition to the financial costs involved, a tarnished reputation is difficult to overcome — and customer trust is undoubtedly tough to regain once personal information has been compromised.”
She continues in the article, “To prevent breaches, security measures must meet all sorts of regulations, such as those set forth by federal and state laws and by industry organizations. For instance, all businesses need to comply with Payment Card Industry (PCI) standards to securely accept credit card payments and keep their customers’ information safe. Privacy guidelines also govern emails, personal data and other types of information that must remain secure.”
Keeping up with the latest threats and regulations, not to mention managing the large amounts of data a small business generates, can be a challenging task for any business — especially due to lack of time and resources, reports Angeles in the article.
In the article, Sarah Isaacs, CEO at Conventus (an information security consulting firm), and her team offer eight habits that can result in security breaches as well as tips to help small businesses keep information secure:
- Ignoring blind spots. For a small business, employees in charge of protecting customer data may often be performing other job functions as well. “If your staff lacks expertise in a given area, it is important to invest in regular security-health checks with subject matter experts to ensure each solution you have in place continues to remain optimally configured and operating at peak performance,” explains Isaacs in the article.
- Believing small size makes a business immune. Small businesses might think their size makes them immune to IP theft, break-ins or other security issues. This can lead to poor security solutions being put in place, the use of freeware and “no way to consolidate the information.” Businesses, no matter the size, should always implement precautions and take any threats seriously.
- Not checking work. Similar to how a writer’s content is reviewed by an editor, a business can benefit from a second perspective. “In one instance, an administrator at an oil and gas company manually input a policy that included a typo. This left a huge hole, which was open and susceptible to attack,” shares Isaacs in the article. Avoid simple errors and safeguard business operations by having a second pair of eyes review any work.
- Viewing regulations as a check off the list. Do not just view regulations such as PCI, the Federal Information Security Management Act (FISMA) and the Health Insurance Portability and Accountability Act (HIPAA) as points to check off the to-do list.
- Not enforcing employee security policies. Many small businesses may not enforce employee security policies, which can easily lead to breaches. Whether they are aware of it or not, employees at most businesses are likely storing customer data. The wrong people can obtain an IP address or customer data without the business’ knowledge through a stolen or lost laptop, smartphone or tablet, or even through a prying eye. Businesses must establish and enforce security policies for all employees.
- Lack of training. Accidents can easily be avoided with training. Make sure staff members, especially IT-related, receive proper training on the products/services they work with. “Personnel training can provide a large return on investment (ROI) and help avoid incidents that could damage your business and reputation,” says Isaacs in the article.
- Using the same passwords. Businesses, regardless of size, should establish guidelines and standard operating procedures around the use (and reuse) of passwords. Change passwords for critical resources, such as customer information like credit cards for monthly carwash plans, every 90 to 180 days. Make sure to enforce guidelines for the complexity of a password as well, such as a minimum character count and alphanumeric requirements. “In order to mitigate the risk of successful password guessing and cracking in their environment, employees should be aware of the issues that may stem from the use and reuse of weak passwords. Put a password manager such as LastPass, KeePass or RoboForm in place to generate random passwords for each new account that is created and to keep track of each password,” asserts Isaacs in the article.
- No network access protection. Vendors, customers and other users can request access; however, businesses that permit unsecured personnel or third-party computers to connect to their local area network (LAN) risk security breaches. A business must make sure all computers connected to its network are secure.