Lots of training and security layers are needed to plug breaches

Register now

Data breaches can cost companies significant legal fees, not to mention countless hours in court and the damage to their reputation and to consumer confidence.

Target is an example of this reality. The megaretailer just settled its lawsuit over the data breach that occurred back in 2013. As retribution for the security breach, which impacted tens of millions of customers, the company will pay $18.5 million to 47 states and the District of Columbia.

While Target has the resources to pay this fee without threat of bankruptcy, local businesses don't necessarily have the luxury of such deep pockets. At the same time, cyber risk is on the rise for small businesses. Here are five tips to help small-business owners protect their companies:
Carefully select your mobile payments partner. Ensure the platform you work with utilizes off-site storage for your customers’ credit card data, and that the mPOS/POS provider deploys point-to-point encryption to appropriately secure sensitive data.

Train your employees and implement companywide security procedures. Educate employees on how to avoid compromised emails and to use strong passwords to decrease hackers’ ability to decrypt this information. Enforce strict policies governing where sensitive customer information is stored (e.g. not on personal laptops).

Multiple layers of perimeter security and encryption are necessary. It is not enough to purchase a business-class router with a firewall and secure your hardware. Your firewall must be configured properly by a trained professional. Anti-virus and anti-malware protection should be installed on both computers and mobile devices. It’s important to remember — especially if you have a mobile workforce — that cellphones are not immune from attack. If employees use their mobile devices to conduct business, it is best to invest in this extra layer of security.

It is not enough to have software installed. Run and monitor security scans on a regular basis. After each diagnostics session, review recommended actions and implement them if they are right for your business. While often seen as an inconvenience, do not ignore update requests — doing so will compromise your company's security.

Have a response plan. Every employee and contractor, whether on-site or remote, should know what to do if they believe company information may be at risk. They should be required to report the incident immediately. Though many small businesses do not have IT staff, you should strongly consider hiring a consultant or firm you can turn to in such circumstances to ensure a quick and effective response.

Cyberattacks may be on the rise, but that doesn't mean becoming a victim is inevitable. With the right preventative measures and best practices in place, small businesses can successfully secure their digital assets and customer data from fraudsters' prying eyes.

For reprint and licensing requests for this article, click here.