Small business owners don’t have to be just another data breach statistic.
In the fall of 2013, up to 70 million Target customers’ credit card, debit card and personal information was compromised in a data breach that occurred during the busy holiday shopping season. Small businesses aren’t immune from similar attacks. In 2012, around 40 percent of data breaches occurred at companies with fewer than 1,000 employees, according to Verizon’s 2013 Data Breach Investigations Report.
Schrader, CEO of Cyber Security Group in Reno, Nev., specializes in helping small businesses avoid cyber threats. But small business owners can’t protect their data alone. Here, she offers three cyber security tips small business owners can share with their employees.
for the warning signs of social engineering.
Social engineering, when a hacker poses as a vendor, government representative or even an employee, is a key way that cons learn about an organization and hack into its network. “Social engineers are often great actors and have very convincing stories of why they want confidential information,” Schrader says. “It is critical that employees understand that they are an important link into a business, regardless of the size of the business or the role of the employee.”
Small business owners should tell employees to watch for these red flags, Schrader says. One example of a common social engineering activity is for a criminal to pose as a representative of another business. Another is when a criminal uses personal information gleaned from social media sites and acts as if he or she is connected to the target employee: making a fabulous special offer, asking for a donation to a favorite charity or sending an email with malware that is activated when the employee opens a PDF or clicks on a
For a more thorough education, Schrader recommends employee training sessions, ranging from a few hundred dollars for an hour-long session to several thousand dollars for a customized, full-day course. These sessions can teach employees about the most common forms of social engineering and how they can be on the lookout for these scams. Schrader suggests finding a training provider through your local Chamber of Commerce or, if you outsource your IT work, asking that company for recommendations.
Protect your smartphone or tablet.
Many businesses allow employees to use their own devices for work purposes, and the proliferation of smartphones and tablets “presents a huge opportunity for hackers to access company data,” Schrader says. Smartphone theft is rampant across the country—in New York City, these crimes account for more than half of all street crime, and stolen phones (along with the sensitive data they contain) are often sold on the black market.
Schrader recommends that small business owners ask employees to use a passcode to access their phone or tablet, and to avoid using their devices on public WiFi networks for activities involving passwords or financial transactions (such as online banking or shopping). These unsecured networks are safe for visiting sites that do not require personal information, but for other activities, stick to 3G or 4G networks, which make it more difficult for hackers to steal passwords, credit card numbers and other confidential information.
rules for passwords.
“Strong passwords are the first defense to security,” Schrader says, “just as a key is to a front door.” She recommends that small business owners mandate that employees create a personal formula for their passwords, which should include a minimum of 8 characters and combine uppercase and lowercase letters, numbers and symbols. The longer and more complex the formula, the harder it is to hack. By using a personal formula, such as the first and last letters of words in a favorite song coupled with a few numbers and symbols, an employee can remember the password and change it quickly if needed.