You own or manage a small business. You have business documents stored on the office server. You may have remote-site employees taking customer information and orders on the road. Maybe you even own a couple of patents or other intellectual properties, described in detail and stored in the cloud. Even if you’re a small start-up, you have valuable information – Social Security numbers, bank account numbers, PINs, proprietary software – assets that you want to help protect from hacker attacks.

Here’s what the U.S. Department of Homeland Security recommends you do to help keep business data more secure from hackers.1

1. Start by training employees to "think security.” 

Your staff probably uses the same computer practices in the workplace that they use at home. Create an office security manual listing simple security measures and setting forth the business’ best practices to help protect against cyber-attacks. If you aren’t the cyber-security expert, hire one to train your team.

2. Update cyber security tools. 

First, install basic malware detection and protection software. Then, as you’re notified of updates, add these new security patches and other fixes.

3. Consider adding a hard-wired firewall to your office network.

It’s not 100% fool-proof, but hackers look for easy targets. If they see security updates and redundant layers of cyber-security in your office and on your website host servers, they tend to move on in search of an easier target.

4. Develop an action plan for mobile devices. 

Business today may be conducted using smartphones, tablets and other mobile devices that link and sync with office computers and servers. These devices may provide hackers an entry point into your sensitive data. Your action plan should answer these questions (and more): Is remote payment capture secure? Is data transmission heavily encrypted? Is each mobile device password-protected? Can you lock up your business smartphones just by calling them if they go missing? What will you do if a data-rich mobile device does go missing? Who needs to be notified? Your bank? Customers and clients?

5. Store back-up files off-site. 

You can have automatic back-up, but if your system is hacked you may not be able to retrieve business information you need to conduct business. Cloud storage, or even back-up storage in a different physical location, is recommended protection. If the home office is attacked, you can still access company data stored securely someplace else.

6. Create individual accounts for each employee.

 One employee may need total access, another view-only access. Employees must log on using their individual accounts and PINs. Set usage permissions with limiting employee access in mind. The fewer employees who can access sensitive business data, the fewer opportunities for breaches to occur.

7. Control physical access to computers and mobile devices. 

Make sure employees secure their laptops in a locked desk drawer at the end of the shift. An unattended laptop or smart phone may be an easy target for a thief, whether in your office, in an employee’s car, or at the local coffee shop. Make sure employees receive training and reminders about securing their devices.   

8. Secure office Wi-Fi networks. 

Check for signal leakage that can be grabbed by hackers patrolling office parks with a laptop and antenna looking for data leakage that can be exploited. Set your office network router to hide the office network’s name – its Server Set Identifier or SSID – when broadcasting data across the office or off-site. If you don’t know how to reset the office SSID, hire an IT professional to do it.

9. Regularly “clean” your office computers. 

Empty the Cookie file and Temporary Internet File at least weekly. Take out the trash by dumping the contents of your system’s recycling bin.

10. Finally, bulk up user passwords. 

Again, each employee must have a separate password. Change passwords every three months according to DHS guidelines. Change passwords when an employee leaves the company. For even more security, employ multi-factor authentication. Employees must log on using their own password, identify a picture, answer a security question, provide a full account number – in other words, make it hard to access company data.

To learn more about online safety strategies, visit Nevada State Bank’s web page with information on common online fraud schemes, their costs, and how you can help prevent them from happening to your business. Begin building your Layered Defense Approach before your business is affected.

Want to know more?

Click here for a NevadaSmallBusiness.com article on security concerns in the new work-from-home environment.

Click here for a NevadaSmallBusiness.com article on ways to prevent business identity theft.