High-profile global retailers have been wiping egg from their faces after a slew of high-profile data breaches, like the 56 million credit and debit cards potentially compromised at retailer Home Depot a few months ago. Before that, 40 million customers were in the crosshairs after hackers skimmed huge swaths of data from Targets records. But big-name companies and those who frequent them aren’t the only ones who should be worried; the little guys are also vulnerable. “Hackers see small businesses as low-hanging fruit, not as being unworthy of their attention,” says Kai Pfiester, owner of Black Cipher Security, a cyber-security firm based in New Jersey. In fact, a recent study released by Experian Data Breach Resolution and the Ponemon Institute found that 43% of companies had experienced a breach in the last year. That’s a lot of stolen data. The need to protect your data is greater than ever. Here are the steps you should take.
Web Hosting: Luckily, there are things you can do to protect your business. For many decorators and distributors, it comes down to choosing Web-hosting services and other online products that are established and trustworthy, says JP Hunt, vice president of sales and marketing for InkSoft, an Albuquerque, NM-based software developer that provides e-commerce and business tools for decorators. “In most cases, if you do choose the right provider, you don’t have to worry about security because security is part of our reputation,” he says. “There are economy and amateur solutions … but Web hosting is not the place to save money.”
SSL Certificates: The most common method of protecting online data is to use Secure Sockets Layer (SSL) encryption technology. SSL certificates are like a secret handshake between two servers, ensuring data is transmitted privately. You can recognize whether a site is using SSL if the Web address begins with “https,” rather than simply “http.” Some SSL certificates will also add a green bar or tiny padlock icon to the browser to show the site is secure. SSL providers will often give out an emblem that can be posted on a website to show off its secure status. In the past, the trend was only to use such certificates for sensitive pages that require data input because encryption slows sites down, Hunt says, but that’s changing. “It’s getting more exposure now,” he says. “Many consumers are getting concerned about security, asking, ’Is this website safe?’ ”Having a prominently displayed SSL certificate has become a marketing tool, Hunt says. (InkSoft offers free basic SSL certificates to customers.) SSL certificates are available through some Web hosts; also look to digital security companies such as Symantec.
Firewalls: For companies that host their own servers, it’s important to have a strong, commercial-grade firewall in place to help separate your network from the outside world, says Melissa Minchala, CEO of DataVelocity, a managed IT services and solutions company in New York. The cost will run businesses anywhere from a few hundred dollars to a few thousand. It’s also a good idea to have centrally managed virus protection software that limits viruses, malware and Trojans, she adds.
Data Back-Up: Small businesses should regularly back up their data, both locally and remotely through an encrypted connection. “That way, should anything happen to the hardware, the database or the data in any manner, there are less points of failure,” Minchala says. Consider secure cloud-based data backup services, like Carbonite or Crashplan (which will cost close to $1,000 a year), and a Managed Security Service Provider (MSSP) to ensure your system and data are protected, Pfiester says. – Theresa Hegel