How to protect your company data - Pro Construction Guide
How to protect your company data

Contractors and remodelers fixate on tools, personnel and processes to grow business and profit. Yet an important aspect of their businesses, Information Technology (IT), doesn’t get nearly as much attention.

Hackers know that.

Limited budgets and a lack of technical expertise have made small and mid-size businesses a growing target since 2010, says software security firm Symantec.

Unfortunately, getting hacked, losing your company’s data and disruptions from computer viruses are becoming more commonplace for small and mid-size businesses, including contractors and remodelers.

A common refrain is: “Why would anyone want to hack my company?” IT experts say it’s not you or the company hackers want, it’s your data – customer email addresses and credit card information, employee social security numbers, and banking and other financial information. They use the data to steal identities, transfer funds from business accounts, make unauthorized purchases with stolen credit card numbers and, sometimes, extort money.

So now that you understand the risk, what’s the most cost-effective and efficient way to protect your company data?

Data security plans

Data security plans are not a one-size-fits-all solution. Your choice should be based on how your business operates and the type of data you store.

If you don’t understand what you have and what you need to protect, work with a professional who can conduct an IT audit. Your sensitive data should be encrypted as a first defense to protect your company data, but other data protection controls are necessary.

Use strong passwords

Passwords are the key that provides access to your data. Strong passwords contain at least eight characters with a combination of uppercase and lowercase letters, numbers and symbols. Never use words found in the English dictionary. Cyber criminals use tools that easily detect such words.

Here are some guidelines for password use.

  • Don’t use the same or similar passwords for multiple accounts
  • Separate business passwords from personal account passwords
  • Always change default passwords that come with new accounts and software
  • Change weak passwords to strong ones and change passwords every 30 to 90 days
  • Don’t reveal administrative passwords in any electronic communications, including emails
  • Store passwords offline. A “secret” Microsoft Word document is not safe enough
  • Delete all passwords and accounts used by former employees

If you need help managing and generating strong passwords, talk with an IT pro. Consider using a free or low-cost password management tool that securely stores all your passwords in the cloud and gives you easy access using one password.
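The strength rules and guidelines above can be checked automatically. The following is an added example, not part of the original article: a short Python audit that flags passwords breaking the eight-character and character-mix rules, containing dictionary words, unchanged for more than 90 days, or the same as or similar to another account's password. The word list, the 0.8 similarity cut-off and the sample accounts are assumptions constructed for illustration.

```python
import re
from datetime import date
from difflib import SequenceMatcher
from itertools import combinations

# Constructed stand-in for a real dictionary file (assumption).
WORDS = {"hammer", "concrete", "password", "builder", "summer"}
CLASSES = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
MAX_AGE_DAYS = 90      # upper end of the article's 30-to-90-day window
SIMILAR_RATIO = 0.8    # assumed cut-off for "similar" passwords

def strength_findings(password):
    """List the article's strength rules that a password breaks."""
    found = []
    if len(password) < 8:
        found.append("fewer than 8 characters")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            found.append(f"no {label}")
    lowered = password.lower()
    for word in sorted(WORDS):
        if word in lowered:
            found.append(f"contains dictionary word '{word}'")
    return found

def audit(accounts, today):
    """Map each account name to its findings: strength, age and reuse."""
    report = {a["name"]: strength_findings(a["password"]) for a in accounts}
    for a in accounts:
        if (today - a["changed"]).days > MAX_AGE_DAYS:
            report[a["name"]].append(f"not changed in over {MAX_AGE_DAYS} days")
    for a, b in combinations(accounts, 2):
        ratio = SequenceMatcher(None, a["password"].lower(),
                                b["password"].lower()).ratio()
        if ratio >= SIMILAR_RATIO:
            report[a["name"]].append(f"same or similar to {b['name']}")
            report[b["name"]].append(f"same or similar to {a['name']}")
    return report

# Constructed sample accounts; never keep real passwords in a script.
SAMPLE = [
    {"name": "bank", "password": "Summer2015!", "changed": date(2015, 6, 1)},
    {"name": "email", "password": "Summer2015#", "changed": date(2015, 9, 20)},
    {"name": "payroll", "password": "q7$Vk!2zRw", "changed": date(2015, 9, 1)},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE, date(2015, 10, 1)).items():
        print(name, "->", findings or "ok")
```

Both "Summer" passwords pass the length and character-mix rules yet are still flagged, which is why the dictionary and reuse checks matter alongside them.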

Back up data

A backup system copies and archives your data. It can then be restored if the original data is lost or corrupted.

How often you back up data depends on your business operations. Don’t do backups manually; use a reliable, inexpensive automated backup program. To select an automatic backup, determine:

  • What data should be backed up
  • How often data backup should occur. Consider safeguarding proprietary data and intellectual property, including processes for bidding and estimating, accounting and customer information, applications and databases
  • Where the backup is stored (locally, in the cloud, or both) and how backup storage space is organized (segment by department perhaps)
  • How the process can best be managed for your company
  • Who will review logs and reports, and how often
  • Who will test the backup system, and how often

An IT professional can advise you on a backup solution for your company.

TIP

When you store data in the cloud, the burden of securing that data lies with the security service. For that reason, many IT pros see it as a good solution for small businesses. Microsoft, Verizon and Symantec are some of the big-name providers.

Protect against viruses and malware

To protect your company data and keep your system protected from viruses and malware, keep your software up to date, including apps. Enable the auto update feature that comes with most software. Use the latest anti-virus software. Minutes count when there’s a data breach.

Malware can damage your software, steal private information and sometimes gain control of your computer or electronic devices. It can install code that captures keystrokes, including login information.

Phishing, through email and social media, is one way cyber criminals prey on unsuspecting employees to gain confidential information. They pretend to be a trustworthy source or use the name of someone familiar. They often include links to websites that contain malware. Spam filters and email authentication help eliminate phishing.

However, technical solutions alone have not stopped the damage phishing can cause. Employee awareness is required. Instruct employees to avoid clicking on questionable links in email and/or opening attachments. They should never share confidential information without confirming the source first.

Firewalls can help block viruses and malware, and can be as simple to use as enabling the firewall feature on your PC or Mac. Consult an IT pro to understand what firewalls do and how they should be configured for your business.

TIP 

The sooner you know about a computer virus, the faster you can respond. You can keep up with security alerts and tips through the National Cyber Awareness System website operated by the U.S. Computer Emergency Readiness Team (US-CERT).

More best practices to protect your company data

Don’t sell or give a business computer to any person or organization before physically removing or electronically wiping the hard drive. This is best left to an IT professional or trained technician.

If your website has been compromised, report the malware to stopbadware.org, a not-for-profit program directed by Dr. Tyler Moore at the Security Economics Lab at the University of Tulsa. The site contains many resources for avoiding online malware and protecting personal computers.

Include a provision in your contracts with subcontractors and suppliers to ensure they take reasonable security precautions, such as data encryption. Also include a provision that requires you be notified if a data breach occurs at their company.

Likewise, if a data breach occurs at your company that impacts others, notify them as soon as possible. Transparency is highly regarded in the IT community. By keeping your data secure, you’re not only protecting your company but all of your customers and the companies you do business with.

Understand your vulnerability

Credit card processing organizations, including Visa, MasterCard, Discover and American Express, recently changed their liability rules. As of October 1, 2015, if businesses aren’t using EMV-compliant devices to accept credit card transactions, liability for fraudulent transactions is now the responsibility of the business that accepted them.

EMV is a global standard for credit and debit payment cards based on chip card technology. EMV stands for Europay, MasterCard and Visa, the companies that developed the standard.

−By Mary Klest

