We live in an age of expediency and convenience. The digital revolution has changed the way we live and do business. As a society we have become accustomed to having information and services at our fingertips. At our slightest whim of curiosity we can look up a random sports stat or check our latest bank balances. We can order groceries online and track the status of our latest package. But everything comes with a price, and the accessibility of the internet comes with inherent risks that we must be aware of. Criminals are quick to adapt technology to their own dark advantage, and those who are not wary will quickly become the next victim.
How can we find a safe balance between efficiency and security?
Using the internet safely is similar to driving a car. You don’t need to become a mechanical engineer to successfully drive, but it is important to have a basic understanding of how the vehicle works. You don’t need to know how to change your own brakes or align your tires, but you do need to recognize the tell-tale signs that it’s time to take your vehicle for professional servicing. You also need to understand the rules of the road and learn to be a defensive driver. Those are basic survival skills. The same applies to using online technology. It’s essential to know some basic security precautions and have a trusted IT person available to provide guidance when needed. A little prevention could prevent a costly and painful disaster.
A wise proverb says that ‘the shrewd one sees the danger and hides from it but the inexperienced walks right in and suffers the loss’ – Proverbs 22:3.The security risks we face as business owners can at times feel overwhelming. The world we live in has some pretty shady actors, so we can’t take the luxury of being naïve about data security. We need to make a careful assessment of our risks and then take practical steps to protect our businesses.
So what basic steps should we take to protect ourselves and our businesses in this ultra connected world?
We need to make sure that our devices and the way we connect to the internet are secure. That means keeping our computer operating systems up to date, using effective virus protection and firewalls, avoiding public wi-fi, and protecting our online access with strong passwords. It also means making sure that the devices we are no longer using are safely disposed of.
Employee negligence is the main source of cyber breaches. Our people need clear guidelines and constant training so that they can recognize potential dangers. Each business should establish a written policy regarding data security which should be signed by all employees. If staff will be working outside the safety of the office, business owners should make sure to provide appropriate equipment and connections. Discourage mixing personal and business on the same devices. Make sure that each user has their own individual sign-ins to software and cloud based apps, and encourage them to take advantage of multi-step authentication for sign-ins. The National Institute of Standards and Technology has provided some excellent guidelines for teleworking.
Do we know who we are hiring? Did we check references and perform background checks? Are existing and potential employees discreet about the information they reveal in public and on social media? If our employees need access to sensitive client information, should they be bonded? Do we have appropriate insurances to cover security breaches?
Think seriously about access levels. Who needs access to what information in the office? Does the system we use have an audit trail? Are we providing the necessary oversight and segregation of duties? Do we have solid procedures in place to protect sensitive information such as payroll data, social security numbers, and credit card information? Adjust user permissions according to the access needs of the employee and only provide as much access as is needed for their job. In case a user identification is hacked, limit how much information could potentially be exposed.
As business owners we need to realize that our internal systems are only as strong as our weakest link.
Cybersecurity should be a major concern for all businesses today, big or small. The digital revolution has brought many benefits to small businesses, but it can be a two edged sword so we must learn to use it wisely. We need to be aware of current threats and potential vulnerabilities, and take steps to minimize the risk of an attack. The website of The Cybersecurity and Infrastructure Security Agency is an excellent resource for small businesses to keep up-to-date on the latest issues in cyberthreats.
Did you know that statistically, driving a car is the most dangerous activity that most of us do each day? But that doesn’t stop most of us from getting behind the wheel. We choose vehicles with high safety ratings, we strap on our seatbelts, and we focus on the road. It’s a calculated risk that we are willing to take because it gets us where we need to go in a very efficient manner. Likewise, keeping our data safe requires constant vigilance, education, and communication. The Small Business Administration has provided comprehensive guidelines for identifying risks and establishing best practices for cybersecurity in the workplace. We never want to take our data security for granted, but by taking the necessary precautions, we can manage the risk.
The staff at Level and True Accounting Services LLC take data security very seriously. We are very careful when handling sensitive business and personal data and routinely educate our clients to do the same. Cloud accounting provides unique tools and opportunities to safely and efficiently share information. Having good accounting procedures in place, both in the office and online, can help protect businesses from cyber attacks. We’d love the opportunity to evaluate your systems to see how they can be improved.
– Written by Gina Palacio, Owner of Level & True Accounting Services LLC