Data breaches at large companies often make headlines. The good news is that major corporations have the resources (and, increasingly, the motivation) to protect themselves from electronic intruders. If your company does business with firms in the S&P 500, your personal and business data probably are secure.
The bad news? Thwarted hackers and identity thieves may step up attacks on small and medium-sized companies. Such ﬁrms often do not have strong defenses in place, so they may be vulnerable.
Consequently, your company’s customer data and banking information may be targets. Dealing with electronic theft can be costly and time consuming—and extremely stressful. If you suﬀer a data breach and word gets out, damage to your reputation can be severe. Small companies may even be forced out of business as a result.
Putting protection in place
To avoid such disasters, you need to recognize the risk and adopt a plan to secure your electronic information. It may be well worth the time and money to bring in a third party expert to review your cybersecurity and make recommendations.
Often, recommendations include a program of educating your employees about data security, with periodic sessions to inform your staﬀ about new threats. For example, if employees need passwords to access private information, they should avoid using the same password for years, on multiple websites.
You might want to investigate using a password manager yourself, for company-related matters, and having employees use one as well. Password managers, found online, store someone’s login information for various websites and allow users automatic entry. The user has just one master password to remember while diﬀerent, changing passwords are submitted to provide the desired access. There are also services that can securely transfer sensitive ﬁles, if you prefer not to send them as an email attachment.
In addition, your company should take steps to protect against malware: hostile or invasive software that may be used to steal personal information and commit fraud. You can reduce your risk in this area by installing antivirus software and keeping it current. Your company also can implement policies regarding the types of websites and data that employees may access while on a company network.
The U.S. Chamber of Commerce oﬀers suggestions for establishing policies for employees’ acceptable use of electronic devices. Employers might require the following:
- Logging oﬀ or applying a screen lock to their computer before leaving it unattended even for a short break.
- Assigning employee responsibility for computer access and equipment taken oﬀ-site.
- Limiting employee and family members’ personal use of company computers.
- Limiting the use of personal machines on the company network.
- Establishing employee liability when personal acceptable use has not been followed.