The most stunning business news in the last month has to come from articles about the Equifax data breach. The company estimated that this cybercrime impacted at least 143 million individuals. This news may also seem worse than other high-profile security problems because victims did not choose to have a relationship with Equifax. Just about everybody who has ever borrowed money, had a credit card or even rented an apartment gets reported to credit bureaus. Consumers can’t just decide to use another credit bureau if they don’t like the service or security that one provides.
The Equifax data breach compromised the personal information of 143 million consumers here in the US. A breach of this magnitude raises some serious concerns and highlights a persistent flaw in the way businesses approach data security. What is this flaw? Computer expert Jeanne DeWitt will answer that question in this episode of IT Done Right.
Six Lessons for Small Businesses From the Equifax Data Theft
Your small business probably doesn’t have the luxury of having customers or clients who are forced to do business with you. People choose to patronize your company, so you know the value of maintaining their trust. Even if you have a different business model than a credit bureau, you can use Equifax’s security problems to learn six lessons that should help you protect your company and customers:
- You can’t assume hackers won’t bother with your small business: Naturally, small companies have fewer resources to deal with cybercrimes than large organizations do, but they are just as vulnerable to attacks. CNBC reported that about half of all small businesses have been victims of some kind of digital attack. Because small companies may not invest much in cybersecurity, some experts say that hackers even tend to prefer them as targets. While digital attacks against larger companies often make the news, small businesses are less prepared to deal with the fallout.
- Apply security patches and upgrades promptly: Equifax later admitted that they believed they left themselves vulnerable because they neglected to correctly install a security update. You should make sure that your employees know to apply software updates on all devices that they use to access your system. If employees have trouble, they should report the problem for an investigation. Some malware blocks updates, so that could be a red flag.
- Create and enforce company-wide security policies: When small businesses get hacked, it’s usually because an employee clicked the wrong link in a phishing email or made some other simple mistake. You can invest in fairly simple and inexpensive employee education programs to prevent most of these costly mistakes. You should also let employees know that your company will consider adhering to security policies as an important part of job performance.
- Know what devices your employees use for work: These days, employees enjoy using mobile devices to work remotely. Some employees may prefer to use their own tablets and cell phones to perform tasks within your computer systems. You may face some resistance if you try to police personal devices to make sure they have adequate security. Business owners have to balance employee preferences against security concerns, and this can be tough. If mobile phones and tablets do enhance productivity and morale, you may end up buying secured devices for your employees to use for work and asking workers to save their own devices for personal use.
- Don’t ignore the possibility of inside jobs: It’s true that most criminals are able to infiltrate small business networks and computers because of employee mistakes. A recent Ponemon Institute study looked at almost 900 security incidents. Out of these, employees accidentally contributed to about 500; however, intentional acts by employees caused about 200. Inside jobs don’t always take sophisticated computer skills because employees already have access, so these are tougher to police. It’s a good idea to audit employee security privileges routinely and ensure there is a way to monitor all actions.
- Find out if you or your businesses were impacted by the Equifax breach: Certainly, you will want to know if you have had your private information stolen and what you can do to protect yourself or your business. You can start here on the official Equifax site to learn if you have been affected and what the credit bureau will do to help.
Hire the Help You Need to Protect Your Company’s Computers
If you don’t feel confident about your small company’s security, it’s likely that you need help. Many small businesses operate without an IT department or even any IT people at all. You don’t necessarily need to hire your own security experts to keep your computer systems safe.
These are a few suggestions for small businesses to improve cybersecurity:
- You might consider investing in outside consultants to help audit your current security policies, make suggestions, and train employees. You can benefit from the experience of others if you can find consultants who have worked with similar businesses.
- Also, you can find vendors who offer security, monitoring, and authentication products that were designed with small companies in mind. Let these experts keep up with updates and threats, so you can focus on your business.
- You might consider using reliable hosted software instead of running software and storing data on your own computers. You can find cloud and SaaS providers with good track records for keeping data safe and backed up.
Any of these suggestions can help you benefit from big-company security with a small-business budget. These days, your worst possible choice is probably to do nothing and just hope that your networks, computers, and data are secure.
Published on 30th October 2017 by Jeanne DeWitt.