The following is a guest post by Roy Rasmussen, co-author of “Publishing for Publicity.” Rasmussen is a freelance copywriter who helps small businesses get more customers and make more sales.
Security — physical, cyber and financial — is a growing concern for today’s small businesses. According to The Hartford’s claims data, theft is the most common type of small business insurance claim; and in terms of cyber attacks, a survey conducted by Duke University/CFO Magazine Global Business Outlook claims 80 percent of U.S. companies have been successfully hacked.
In this high-risk environment, it’s essential to take proactive measures. Here are some steps you can take to protect your company’s building, business records, and bank accounts.
Protecting your business starts with internal security — by watching what goes on inside the workplace. Forty-three percent of revenue lost from theft by U.S. businesses comes from employee theft, according to Deyle and Checkpoint Systems’ Global Retail Theft Barometer.
Installing a security camera system can help you keep an eye on what employees are up to. Train your staff in security policies and procedures and let them know you monitor your workplace. Keep track of all keys issued to employees and require employees who leave the company to turn in their keys.
Fences or Locks
You should also take steps to guard against outside intruders. If you have a whole complex, fence it off. If you have a smaller space, sophisticated deadbolts and heavy screens on windows might do the trick. A pin cylinder lock with a deadbolt is the most secure type of lock, says West Bend Mutual Insurance. Use security cameras to monitor entry points, and make sure these entry points are adequately lit. Install an alarm system to alert you and authorities to unauthorized entry attempts.
Security provider Kroll recommends taking a company-wide — not just an “IT department-wide” — approach to cyber security.
Establish policies that cover everyone who uses your company servers — from employees to third-party vendors. Make this training part of your employee onboarding strategy. When employees leave the company, establish policies for blocking their access to company servers.
Train employees in how to choose secure passwords, or assign them passwords. Long character strings with a mixture of alphanumeric and special characters are the most secure.
Using a password manager software program to assign and manage random passwords can strengthen them. Use two-factor authentication to verify users.
Unsecured Connections or Outdated Software
Teach your employees to avoid unsecured connections. This is the first defense against viruses and phishing scams. Make sure all devices connecting to networks are protected by up-to-date versions of operating systems and applications, with antivirus programs running.
Make sure offsite data is stored securely. Develop a plan for how you will respond in the event of a data breach or a lost employee mobile device.
To reduce the risk of a data breach, practice a data minimization policy. Don’t collect data you don’t need, such as customer credit card numbers, which can be handled by a third-party vendor so they’re not processed on your website. Purge your system of sensitive data once it’s no longer required. For instance, don’t retain records with employee Social Security numbers longer than required for legal purposes. Restrict access to sensitive data to personnel who truly need to access it.
To protect your company’s finances, be careful about managing business bank accounts and credit cards.
Business vs Personal
Separate your personal and business finances so that a breach of your business finances does not become a breach of your personal finances or vice versa.
Deposit funds in a business bank account, and make business-related purchases on a dedicated credit card.
Protect financial paperwork by storing it in a secure location such as a safe. Establish mail pick-up procedures so that financial paperwork is not left unattended in mailboxes. Shred sensitive financial documents when disposing of them, rather than simply throwing them out in the trash.
PINs and ATM Cards
Shield your PIN number with your body or hand when entering it into an ATM machine. Before using ATMs, check machines for signs of skimming devices, such as sticky residues or adhesives, extra keyboard attachments, or resistance when pressing buttons.
To guard against the event that your finances do suffer a breach, contact your financial provider and law enforcement if you know or suspect your finances have been compromised through identity theft or credit card theft.