In Q3 of 2022, data breaches exposed approximately 15 million data records – a 37% increase from the previous quarter. A study by Accenture on the cost of cybercrime found 43% of such cyberattacks target small businesses, but less than 15% of those companies are prepared to defend themselves.
“The fact is, many breaches are of small companies,” said JD Sherman, CEO of Dashlane. “They’re the easier targets because they tend to invest less and have less technical sophistication around their infrastructures … and mostly what the cybercriminals are looking for are easy targets.”
For a small business, a data breach can be detrimental, not only to their reputation but to their finances as well. With climbing cybercrime numbers, companies should prioritize data security to protect themselves from security risks and maintain trusting relationships with customers.
Neglecting data security leaves your company and customer information vulnerable to potential threats. When a company’s information gets into the wrong hands, it can negatively affect both the company and its relationships with customers. Consumers are becoming more conscious of the safety of their data – they don’t want to offer their sensitive information to a company they can’t trust to keep it safe.
“Even if you recover from [a hit] or pay the ransom or whatever, it’s a reputational risk,” Sherman said.
Although some business owners feel they don’t need to focus on data security, it can only take one hit for a business to go under. That’s why data security should be viewed in a similar way to how people look at insurance, said Sherman – it’s unwise not to have it.
Here are some tips for protecting company data:
Back up your data
Companies that don’t back up their data leave themselves in a vulnerable place. Without an up-to-date backup of all company data, one disastrous incident could wipe out a company’s entire infrastructure and soil a brand’s reputation with customers.
Ensure your company’s records and consumer data are regularly backed up to an external location. Doing so will protect your data in the event of a data breach, an outage, or the data being compromised or lost. Create a data recovery plan and test the plan regularly to ensure your employees know how to maintain data integrity and keep your most valuable assets safe.
Use multi-factor authentication
Multi-factor authentication (MFA) allows companies to tighten up their security and raise their level of protection by using several factors to determine one’s identity before granting access. It makes it harder for hackers to breach your company’s system, requiring the user’s password, a protection element or security token, and a biometric element such as a fingerprint or face ID. For example, some companies that require MFA will send a code to a user’s cellphone, which they then input at the login.
Because of these additional requirements to sign in, many hackers are discouraged from infiltrating networks utilizing MFA. Instead, they’ll likely move on to work their way into a system with fewer security checkpoints.
“I recommend everybody use multi-factor authentication for almost every login,” Sherman said. “It raises the level of protection you have [and] solves a bunch of the [security] problems.”
Invest in a password manager
Roughly 47,750 passwords are used in the average 250-person company. To keep all your credentials secure, invest in a password manager like Dashlane for your company.
A password manager can automatically generate strong passwords to safeguard your most important files and programs, share passwords with others without exposing what they are, and prevent employees from reusing unsecure passwords. All that’s required is to remember one master password.
“If you’re a business owner, we allow you to grant access to passwords when you hire employees, and then take the access away when the employees leave and just manage that,” said Sherman. “It makes the job simpler of protecting the way you and your employees access the data and the tools they need.”
Create a culture of security education
Educating employees on the importance of data protection is a major component of a small business’s security strategy. If an employee doesn’t understand or care about the company’s data security, they can accidentally expose sensitive information and risk unauthorized access by unwanted parties.
“There needs to be some education, and a culture of security needs to develop in your company, just so employees are aware those are the kind of things that are going to happen,” Sherman said. “[Teach employees to] be prepared and pay attention to odd situations where somebody’s trying to gain your credentials through a phishing attack.”
Brief employees on how to safely handle and store company data, review both local and federal laws, as well as company-wide security protocols, and discuss the risks associated with improperly managing information — such as social engineering attacks. Teach employees telltale signs so they can stay aware and look out for security inconsistencies.