Cyber liability and data breach are becoming bigger issues for all business owners. You see the headlines for large business, but small and mid-size businesses are hit all the time. Here are a few simple improvements you can make quickly to improve your defenses.
1) One of the first key and easy things to do is to make sure your passwords are all long, use several kinds of characters (there are around 95 characters on a keyboard, not just 26) and don’t have company or employee names in a password.
(26 possible characters in a 4 character password is less than half a million possibilities and can be cracked faster than you can type it. If you only count 50 possible characters for each place in a 10 character password, you have about 97,650,000,000,000,000 possibilities and should slow the bad guys down. That leaves you with malware and employee caused data breaches to worry about, but it’s a start.)
Don’t let employees tape their passwords to their monitors. We see this all the time in client’s offices. And some owners keep their passwords written and “hidden” in the uppermost left-hand drawer of their desk.
How many passwords does it take to get to your data? One of our clients has a start-up password on each computer. Then they have a cloud service for their operating systems, so each employee needs a second password to open that. And there is a third password to open client data at the cloud center.
Note that sensitive data is not stored on the computers in that 
client’s office. They’re still vulnerable to some kinds of malware, such as those that capture keystrokes. But a good firewall, up to date protective software, and restrictions on what employees can do with the company’s computer help.
2) Don’t let employees use the office computers for anything other than work. And warn them not to click on offers, package tracking, offers from foreign nobles who need help getting their hands on money, or all the other fishing (phishing) attempts that cross their desks. You’d think nice, honest, dedicated, intelligent employees would know better; remind them anyway.
3) Keep track of who has any access to key information.
4) Have an up to date firewall, an up to date router, and malware prevention software. The first three practices won’t cost you any money. These will but they’re worth it. Lost client info will cost you a lot more than an annual contract with a good IT services provider. Some will conduct a free network audit to give you an idea of your problems. http://www.it-radix.com/it-support/ leads you to a company working in Northern New Jersey. We like their work; we don’t get anything for recommending them.
If you’d like to talk with us about your exposure if you were to have a data breach, please call us at 800-548-2329. There are cyber liability insurance products available and multiple markets.
