How to Prevent Data Theft at Your Business

When you think of security for your business, you may think about securing a jobsite or ensuring that tools and equipment are properly stored. It’s just as important to ensure that your company’s electronic data is safe. A surprising 58% of cyberattacks are against small businesses. The pandemic has led to more and more business being conducted electronically, so that number is likely to increase.

You can make it more difficult for cybercriminals to access your company’s data by following these cybersecurity tips.

1. Create Strong Passwords

You’re probably guilty of reusing a password across more than one site. It’s easy to do but carries a serious security risk. Once a criminal has a password for one account, it’s easy for them to log into others and steal data.

When you create a password for a new account, make sure it’s strong. Avoid common words or keyboard patterns, like 12345678 or QWERTY, and mix upper and lowercase letters, numbers and symbols throughout the password. Find more tips for creating strong passwords here.

2. Use Two-Factor Authentication

Two-factor authentication adds an additional layer of security when logging into a device or account by verifying a user’s identity twice. This makes it harder for criminals to log into your accounts. While there are different forms of two-factor authentication, a common type is receiving a single-use code on your mobile phone that you’ll have to enter after signing in with your password. Read this article to learn more about adding two-factor authentication to your accounts.

3. Only Open Trustworthy Emails

Phishing, or posing as a trustworthy entity to trick you into revealing data, is one of the most common ways cybercriminals target businesses. Before opening an email, consider whether it’s from someone you know or if it’s an email message you’d expect to get. If not, you may want to delete it. If you receive a payment or request for sensitive information from a vendor or supplier, first call them to verify it’s legitimate before completing the request. Remember, ABC Supply will never make a payment change request via email.

You should also avoid clicking on any suspicious email attachments or links, which can release viruses into your device. Other signs of a phishing attempt include strange email addresses or lots of spelling errors in the email.

4. Avoid Sending Confidential Information Electronically

You should take extra steps to prevent data theft of customers’ payment details or employees’ personal information. If you need to share sensitive information electronically, there are ways to help protect it.

• Add password protection to documents and share the password in a secure way. Learn how to password protect a Word or PDF document here.
• Encrypt your email. Find directions for encrypting an email based on the provider you use here.
• Use off-the-record (OTR) messaging to automatically encrypt data sent by instant message.

5. Back Up Important Data

Losing important data can be a significant setback for your business. Follow the 3-2-1 rule to make sure your data is safeguarded:

• Keep three copies of any important file
• Keep the files in two different places
• Store one copy off-site (e.g. a safety deposit box or a safe)

From cloud storage to hard drives, there are many ways you can back up your information. Read about the pros and cons of each here.

6. Train Employees on Data Security

You can be careful about your data security practices, but it won’t matter if your employees aren’t careful with your company’s data. Share cybersecurity tips with your employees and emphasize the dangers of weak passwords or sharing data electronically. The Cybersecurity and Infrastructure Security Agency offers many helpful resources for you and your team to learn more about cybersecurity. Also, encourage your employees to report any suspicious activity, like a strange email, to you.

7. Secure Your Vendors

You are likely using third-party vendors to add business efficiency or to supplement labor or skills. Unfortunately, many data breaches are caused by third-party companies having insufficient cybersecurity controls that don’t meet the needs of modern security concerns or the minimum standards you hold for your business.

When third-party partners access your network, they can put your business and its financial security at risk. Here are some key areas to focus on when monitoring your technology partners.

• Control access: Ensure that only those who need access have the least amount required to perform their work. Be sure to shut down access immediately when the task is complete.
• Safeguard your data: Protect your sensitive data while in storage, in transit or while being processed.
• Secure your network: Use firewalls, deploy modern anti-malware protection on all available devices and continuously monitor for and act against security threats.
• Secure the cloud: Cloud or hosted tools are not always secure — even with well-known companies. Ensure your data is always protected.
• Assess your vendors: Continuously assess the risk your vendors may pose to your business and take immediate corrective action.

While data is never 100% protected, you can ensure your business isn’t an easy target for cybercriminals by following these cybersecurity tips. Learn more about business technology from our Integrating Technology eBook.