Having an online presence is a must to run and grow a business. With that necessity and convenience also comes the responsibility to protect your business and clients' information. Not taking the proper online security steps could expose your business and clients to professional criminals trying to steal credentials or personal information, or to infect your computer network with malware, for their financial gain.
Cybercriminals know smaller organizations may not have the budget to invest in sophisticated security software that uses the latest technology, or enough resources to take the same cybersecurity measures a much larger business may be able to take. Unfortunately, criminals aren’t afraid to exploit the situation.
Costs climb higher for the U.S.
The United States has the highest data breach costs and has held that position since 2010. In 2023, the average total cost of a data breach in the U.S. rose to $9.48 million. The average cost associated with a data breach against businesses with fewer than 500 people has risen to $3.31 million.
The Federal Trade Commission (FTC) has developed 10 cybersecurity tips to help you recognize vulnerabilities that could affect your business and reduce the risks they pose.
1. Start with security
Consider how data collection will be managed for departments of your business — personnel, sales, accounting, information technology, etc. Keeping these guidelines in mind could help reduce the risk of the data being compromised:
Only collect personal information you need.
Retain it for only as long as there’s a legitimate business need.
Control who has access.
2. Control access to data sensibly
If there’s a legitimate business need to keep sensitive data, it’s time to secure it. It’s important to protect it from outsiders, but don’t forget about your own employees.
Not everyone on your staff needs unrestricted access to your network and the information stored on it. For your network security, consider steps such as separate user accounts to:
Restrict access to where personal data is stored.
Limit administrative access to employees whose job it is to make system-wide changes.
3. Require secure passwords and authentication
If personal information is stored on your network, strong authentication procedures and good password hygiene can help protect it from hackers. Trying tips from the FTC could help reinforce data security and reduce the risk of cyberattacks in your practice:
Require your employees to use complex and unique passwords.
Institute a secure password storage policy.
Suspend or disable accounts after repeated unsuccessful login attempts.
4. Store sensitive personal information securely and protect it during transmission
Collecting sensitive client information is part of your business. Fortifying security practices during the whole information lifecycle can help protect your business and your clients. Depending on the type of information collected, how you collect it and how it’s processed, these methods could help:
Use strong cryptography to store sensitive information.
Encrypt sensitive data during transmission using industry-tested methods.
Make sure encryption is properly configured.
5. Segment your network and monitor who's trying to get in and out
When designing your network, consider using tools like firewalls to segment your network, which limits access between computers in your network and between your computers and the internet.
Another useful safeguard: Watch who’s entering and leaving your network with intrusion detection and prevention tools.
6. Secure remote access to your network
If you give employees, clients or service providers remote access to your network, take steps to secure those access points. Limit access to only what's needed for getting the job done.
7. Apply sound security practices when developing new products
Say there’s a new app in the works to give clients a convenient way to connect with you. Early in the development process, think through how they will most likely use it.
Consider if clients would store or send sensitive information.
Make sure the app can handle that data securely.
Test privacy and security features before rolling the platform out to your clientele.
8. Make sure your service providers implement reasonable security measures
Keep a watchful eye on your service providers — for example, companies you hire to develop apps or process personal client information. These steps can help protect everyone:
Select providers that can implement and verify appropriate security measures.
Monitor providers to make sure they’re meeting your requirements.
Write required security protocols into your contract with them.
9. Put procedures in place to keep your security current and address vulnerabilities that may arise
Securing your software and networks is an ongoing process that requires diligence to stay protected. If you use third-party software anywhere on your networks:
Apply updates as they're issued.
Pay attention to credible security warnings.
Move quickly to fix vulnerabilities.
10. Secure paper, physical media and devices
Securing information stored on your network won't protect your customers if the data has been stolen through the device that collects it. Think through all points where sensitive data could be accessed:
Keep your office secure.
Implement a policy to securely store documents.
Consider laptops, external hard drives and mobile devices that you or others use on the road.
Dispose of sensitive data:
Shred, burn or pulverize documents to make them unreadable.
Leverage available technology to wipe devices that aren’t in use.
It’s never too soon to improve cybersecurity
Try these tips from the FTC to help protect your business and client information. For small businesses, the FTC also provides a cyber planner, a useful online tool to help you start building a custom cybersecurity plan, and a menu of expert advice to help with your business needs and concerns.
Insights on Athene Connect. Tips, tools and resources to help grow your business by helping clients retire with confidence.