How to protect your small business from cybercrime

Regardless of your business, someone will try to steal data, use your computer to spread viruses, or simply hold your systems for ransom.

CPA and law firms are lovely targets, as are manufacturers, or even restaurants. If you have email, hold social security numbers or bank account numbers, or accept credit cards, your business is attractive to the bad guys.

Getty Images (g-stockstudio)

You wouldn’t cancel your insurance simply because there’s been no recent fire. Keeping data safe is no different. You really have no choice.

In fact, small companies are considered better targets because of expected weak security.

Almost any business under $1 billion in annual sales should outsource computer and data security to an expert firm. Why? Computer systems, from network design and maintenance, to application support, to managing legality of installed software, to mobile and desktop devices, are growing increasingly complicated and critical every day.

Add Internet of Things (IoT) and required resources expand further. To expect internal personnel to provide expertise in every technical arena is unfair and impractical.

The impact of the IoT

Think IoT doesn’t impact you? Does your restaurant use mobile devices to take orders and communicate them to the kitchen? If so, you likely use your secured Wi-Fi network, which is connected to the internet. Passwords help, but are not a stop sign. Do you accept credit cards on those same devices?

Do employees save money by using free hotel or coffee shop Wi-Fi? Do you and they use home internet to access your network? Do you use airline Wi-Fi?

Yes, Virtual Private Networks (VPNs) are very helpful, but not foolproof. I know this sounds paranoid, but it’s not. It’s simply the world in which we now live.

I know $50 million manufacturing companies that continue to use tape backups and make a weekly exchange from their bank safe deposit box. I know CPA firms that rely on the spouse of an employee to provide IT security expertise. All nice, well-intentioned people who simply don’t get it.

When I was meeting with a technical expert in a coffee shop, in under one minute, he easily entered the system of the car dealership next door. He left it equally quickly, but made his point clear.

Keeping data safe

As a business owner, you have a responsibility to keep data entrusted to you safe. As a business owner, you have data that you prefer others don’t see. As an owner, expertise in your produce and services, markets and business is simply not enough anymore.

Just as you can’t be expected to personally be an IT expert in all arenas, neither can the person or small service provider you count on.

I encourage my clients to have a complete IT systems audit by a qualified IT firm every year. Your well-intended support can overlook something, or simply not be totally current.

In reviewing the audit results, document who is responsible for maintaining legality, uptime, application expertise, system security, and every other element of your information technology systems. Ensure the resources are fully qualified in the assigned area, and test follow-through regularly. Expect this to include a mix of internal and external experts.

Think you can’t afford all this to keep your data safe? Businesses accept labor, materials and overhead as normal expenses. You wouldn’t cancel your insurance simply because there’s been no recent fire. Keeping data safe is no different. You really have no choice.

As published on American City Business Journals