February 14, 2019

3 Must-Have Security Protocols to Protect Your Small Business Data

Written by
Why is TechnologyAdvice Free?

Humans make mistakes. They leave their phones in bars, they lose their laptops, and they hit reply all to company-wide emails. Humans also knowingly give away company secrets to gain favor or steal ideas to go out on their own. Even worse, they can expose personal identifying data (PID) to the public for money or fame.

These behaviors don’t just affect financial firms or high tech companies, either. If you have employees, you store PID. If you sell a product, you have proprietary secrets. If you own an email list, you store contact information. Businesses of all sizes manage data that could mean the difference between increased profits next year and going bankrupt due to lawsuits. In fact, according to Verizon, 58 percent of data breaches happen at small businesses. A shocking 60 percent of small businesses hit by a cyberattack will go out of business within six months of the attack. And in today’s increasingly digital and mobile work environments, it’s more important than ever to safeguard your company’s data from potential threats.

Threats come in many forms:

  • Current employees
  • Recently terminated employees
  • Contractors
  • Competing businesses
  • Cybercriminals

These threats have one thing in common: they’re humans who — knowingly or not — expose company information. The best thing your company can do is put into place software systems and behavioral guidelines that protect your company’s data.

To truly safeguard your data, your company should have a healthy mix of data use rules and digital security measures in place. While encryption, password protection, and expensive security software can secure your company’s data in the digital realm, these tools are no match for employee actions that put secrets at risk. While many companies invest heavily in digital security protocols like data encryption, they often forget about the rules and guidelines that guide how employees access data — rules that, when followed correctly and consistently, are just as effective at securing data.

These are the top 3 security protocols your company should implement. To access our complete list of must-have security protocols, download our whitepaper.

Multi-factor authentication (MFA)

What is it?

MFA and its popular subset, two-factor authentication (2FA), are ways of securing access to password-protected sites by asking for unique pieces of identification from the user. Users can only access the password-protected information or application if they possess all of the requested information.

MFA is commonplace for highly sensitive apps for online banking, credit cards, and other financial applications. These may ask the user to answer a security question like “What’s the name of your hometown” or “What was the name of your first pet” in addition to a password. The user should provide an answer that is easy for them to remember but difficult for a casual hacker to find. Other business apps may send a unique code or use an authenticator app to generate a unique time-sensitive number called a Time-based One-time Password Algorithm (TOTP) for the user to enter.

How does it protect your data?

MFA and 2FA add an extra layer of security to sensitive apps by requiring more than one password. This significantly cuts down on the likelihood that a stranger could force entry into your account by guessing the password through random password generation or even with access to a list of customer names and passwords. MFA should be used in conjunction with other security protocols like VPN, however, as it only guards the login stage of app use, and could be susceptible to phishing or man-in-the-middle attacks where another user intercepts your data after you access the app.

Do this:

Most software as a service (SaaS) providers have MFA or 2FA options you can configure in the app’s settings. Some will allow administrators to activate MFA for the entire company instance from within the admin settings, while other apps require each user to turn it on for their individual account. Contact your software company’s support to get more information on their MFA and 2FA options.

Corporate password manager

What is it?

A software that securely holds the passwords for all employee and business accounts. Corporate password managers often have desktop apps and browser access that autofill usernames and passwords for sites they recognize. This software often facilitates the generation and storage of secure passwords with random letters, numbers, and symbols.

How does it protect your data?

Corporate password managers only require users to remember a single main password that grants the user access to all of the stored passwords. The tools also let users securely share passwords. Because the company owns the password software license, it can cut off access or change passwords to sensitive company software for offboarded employees. This reduces the number security breaches from unsecure practices like writing down passwords, sending them via unsecure channels like email, or storing them in a text file on the computer.

Do this:

Review the corporate password manager software that meets your needs. Some of these accounts can log how often your employees use the tools, while others build a secure wall around individual accounts. You’ll also want to check that your password manager of choice has some built in security features like MFA and encryption. Once you’ve made your choice, buy a software seat for every member of your team and enforce the tool’s use. Consider running a company-wide training to boost adoption.

Solid password manager software options:

Termination and offboarding protocols

What are they?

Termination and offboarding protocols govern how access to company data is secured when an employee leaves a company. This includes deleting or turning off access to individual accounts, changing passwords, deleting apps from personal and company computers or mobile devices, and handing over sensitive documents.

How do they protect your data?

Even employees who leave amicably could put company information at risk. While most former employees won’t actively give away company secrets as retribution for termination, they can inadvertently expose information they didn’t know was left on their devices.

Do this:

Make an offboarding checklist that includes all possible employee accounts and complete the checklist at every offboarding. You can simplify this process with a corporate password manager. Consider including these items on your checklist:

  • Employee logs out of all accounts on company hardware which is then checked by and left with a member of the IT department or HR
  • Employee logs out of all company accounts on personal devices in the presence of offboarding staff
  • Employee shreds any non-vital company documents or hands over vital documents before offboarding meeting
  • Offboarding staff member turns off access to email, password manager, and company accounts during offboarding meeting.

Your company can do much more to protect its data, and putting these three protocols into place is just the start.

Download the full list of must-have security protocols here.

TechnologyAdvice is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities. Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don't pay us.
In this article...