The Serious Job of Protecting Client Information

6 Important Small Business Cyber Security Tips

Chances are, you think twice before entering your credit card information online to buy something, watch out for malicious links in emails and keep your PC updated against viruses, spyware and hackers.

However, how much thought do you put into your small business data security and protecting client information?

Hopefully a lot, because according to Microsoft:

• An attacker resides within a network for an average of 146 days before detection

• The average cost of a data breach to a business is $3.8 million

• The total cost of cybercrime to the global community in 2016 was $500 billion

• 63 percent of attacks are the result of compromised user passwords and usernames

As these threats continue to become more sophisticated, legislation must too.

In Canada, many government departments such as the Department of Justice, RCMP, Public Safety Canada and Global Affairs Canada work together with international, federal and provincial law enforcement agencies against cybercrime.

That’s great, but you want to stop any potential attacks before your clients’ data security is breached!

And, if you’re thinking that your site is too small to appeal to hackers, think again. Sometimes a cybercriminal’s intention isn’t to gather sensitive content, but to relay spam emails from your server.

Let’s use the example of a membership site for these small business cybersecurity tips.

A membership website has specific resources available for members who generally pay a one-time or recurring fee to get content such as videos, eBooks, articles or tutorials.

Because people are entering sensitive information such as email addresses, passwords and payment information to access our content, we need to be vigilant about how we keep them safe from online threats. (A secure site is also more likely to earn trust, which in turn can increase revenue.)

To help safeguard your clients’ data security, I suggest that you:

1. Choose a reputable web host. Don’t just go for the cheapest! I compiled a list of web hosting providers that I recommend; you can view it here.

2. Install an SSL certificate on your site. This means your web address begins with HTTPS rather than HTTP. The certificate lets your site encrypt the traffic between visitors and your server, which provides additional security and makes it harder for hackers to intercept the information members enter.

You can often add this service to your web hosting package for free, or for a small cost. An added bonus: a secure site can actually rank higher in Google.

3. As soon as you see a new software update, install it. Many membership sites are built in WordPress, which lets you simply click the ‘Update Now’ button. This helps keep cybercriminals from taking advantage of security flaws in older versions.

Similarly, look for plugins to help manage online security.

4. Enforce complex passwords. Request or even demand that users create passwords with a combo of upper and lowercase letters, symbols and numbers. This will deter people from using ‘12345’ as a password.

You can also install a plugin on your WordPress site that gives someone only a limited number of tries to log in before they’re locked out.

5. Approve comments manually. Spammers love unattended comments! They can post links there that a) may drive traffic back to their site and b) may trick Google (however briefly) into thinking that their site has valuable content.

6. Clean up information that’s no longer relevant. Previous members, people who have cancelled, those who have completed your course… get rid of user info and payment info as often as you can.

By following these small business cyber security tips, you can minimize the risk that your website is going to be targeted by scammers or cybercriminals.

Don’t cut corners when it comes to protecting client information, and you can create a safe space for loyal fans who feel comfortable handing over their personal and payment info.

Of course, there are many more components to maintaining a secure website.

Is Your Business Vulnerable to Information and Cyber Security Risks?

Organizations and businesses often operate with significant risk due to an overdependence on reactive risk countermeasures and vulnerability scanning tools. This risk is of concern not only because of the high probability of attack on our IT systems, but also because of the low priority given to information security activities when compared to other operational “necessities”. This complex organizational concern almost assures that information and cybersecurity is NOT given priority until after a significant loss of information or system availability occurs in an organization. This risk, left unmanaged, subjects all stakeholders to loss of privileged information and the high cost of system and incident recovery.

Attacks on our systems often target core mission and system services for the purpose of gaining privileged information and denying access to key services. Gladly for our customers and us, there are risk management solutions that maximize security and provide significant resource and cost savings throughout your business development and operational lifecycle (NOT just when vulnerabilities are discovered). These risk management solutions, once implemented, provide for mission focus and continuous monitoring while also balancing security requirements with business vision, system functionalities, and operational capabilities.

Solutions should integrate a business’s own lessons learned with operational activities to fill its critical Information Security (IS) and cybersecurity gaps. Every business, or peer group, has unique risks that are managed. These solutions have roadmaps and experienced professionals that control the cost and/or complexity of moving to an increased security level. These experienced professionals help in identifying specific business requirements and addressing them in policies and plans that support the activities required by both the mission and supporting IS (cybersecurity) standards.

The solutions are implemented using multiple, often overlapping activities and include: 1) Align the business mission, vision, goals, objectives and IS value by defining IS requirements early, 2) Provide experienced industry program managers and IS professionals that will work alongside the many stakeholders, 3) Assess requirements and value, recommend solutions, integrate services, and sustain IS value, functions and capabilities to reduce risk, 4) Provide value-focused system functions, capabilities, scalability, and performance that improve the mission and reduce risk to the stakeholders, 5) Leverage IS services for continuous monitoring and value-added automation.

Risk management is ultimately related to many projects and tasks that align with your vision and expectation of providing valued services at every level of your organization. Projects have distinct and important phases that are sequential; the success or failure of these phases directly impacts and ultimately affects the success of the organization. IS is a significantly important piece of many ongoing activities in a diverse and expert environment. A combined program management, systems engineering, and IS professional approach will most quickly maximize mission efficiencies while improving the fundamentals needed to meet and implement security controls. Management and technical activities, focused on mission needs, should follow tailored industry best practices to maximize operations, manage risk and be compliant with IS security requirements.

Improving operations and the sustainment of IS is best done from the top down, on both governance and technical levels. This approach has achieved improved operations and has avoided many problems associated with managing both risk and change. With the realization that risks must be managed regardless of the reduction in available funds today, we must treat any waste of resources and cost as unacceptable. Therefore, all activities must be run “on purpose”, as activities without purpose needlessly add risk and cost to the organization.

Using a tailored program management approach in meeting our security requirements and managing the risk that is always present, our teams must successfully implement many tools and improvements that put the pieces together to define strategic IS vision, improve IS management and leadership, and improve IS tactical efficiencies.