Businesswoman holding tablet pc entering password Security conceptHow secure is your data from online threats? These four essential steps can help:

  1. An employee with a weak password can lead to big trouble. The data breach at Sony Pictures showed that a massive breach can start with a weak password on an email account. Social media and telecommuting are prevalent in our society and work places. They’re practically required benefits for employing Millennials, so you have to expect them and prepare for them. Through these channels, employees could be considered soft targets of expert hackers. Do employees regularly access sensitive content from personal smartphones, tablets or laptops? Your security policy needs to include mobile devices, which should include policies, procedures and training so employees understand and comply, even in their private activities. If people undermine it, security technology will fail.
  2. Lock up your cloud apps. It’s simple for an employee to sign up to sites such as Dropbox, Imgur, Facebook, Google+, Picasa and GitHub. Why does this matter? These accounts can create a blind spot for your organization. Do you know what employees are doing with data that gets stored outside of your infrastructure? Cloud applications offer unprecedented convenience, making their use enticing, easy and, well, convenient. Does your company have a gateway that vets these applications? Can you see the risks so you can set up policies? IT blind spots can open you up to the risk of potential breaches.
  3. Small businesses are most vulnerable. Competitors and “hactivists” target small businesses because of costs. They use cheaper hosting that doesn’t protect against threats such as DDoS attacks. Hackers-for-hire can be found on the black market for as cheap as $20 a day for the job of creating DDoS attacks on anyone you want, repeatedly. This practice might be employed by a competitor in an attempt to lower your search rankings and increase their online presence. Small businesses may also be without backup resources, so an attack could wipe out the entire database of their online store, leaving them without history, data, product or sales records. What’s a small business to do? Mirror the big corporations: set up firewalls on your website; set up IP restrictions; install anti-virus and anti-phishing software on mail and servers; set up BYOD policies for employees. When a small business has strong security, it portrays a brand that can be trusted.
  4. Knowledge is power. Protecting yourself is simpler when you know who is attacking you. Your business needs the ability to monitor your own data. Many breaches aren’t discovered for months or even years, because of lack of monitoring. You need to set up visibility into the WHO and the WHAT of your data infrastructure. Should an attack occur, you would know if it was internal or external and what access points were and then implement actions to prevent future breaches. If you can track the flow of information for your business, you can prevent a breach or quickly address it in the event of a hack.