Business Data Security: 57 Experts Reveal Their Best Advice

While many businesses are still assessing the odds of being breached, hackers keep improving their data intrusion methods.

The reality is that no company is safe. Even small businesses are targets and increasingly so. An earlier Ponemon Institute research report showed that 50% of surveyed SMBs had been breached in 2017. Only 14% were found to be able to mitigate risks, which is an alarmingly small figure.

In the enterprise ecosystem, millions of dollars are being invested in security systems, staff, and training. Such investments usually pay off, but failures still happen due to simple mistakes and overlooked basic steps.

These trends illustrate the increasingly complex, unpredictable, and confusing cybersecurity landscape.

To help you understand how you can avoid a devastating scenario in your business, we asked entrepreneurs like you to share their best data security tips. They were an incredible help in creating this article, and we are grateful for their time and effort.

Take a look at what they said!

1. Data Protection: the devil in the details

Like any other business, our company wants to keep our data safe. We did it all – advised employees to use different passwords for their different accounts, not to save them on the PCs, and not to share sensitive information with outside people (if they are not sure whether something fits these criteria, better not to discuss it). We did everything to be secure.

Or did we?

Something escaped our attention.

You know how there are different sharing options on Google Drive documents, sheets, etc.? Well, now it appears that people occasionally just copy the shareable link to give it to colleagues. That is not OK. This way, the link can go into the wrong hands.

And while you may think that there isn’t any sensitive information on this document or sheet, why risk it?

It is pretty disturbing when viewing a private document with disclosed information, then some Anonymous Hippo appears and starts highlighting text. There’s no way of tracking who that is. Learn from our mistakes.

Check your sharing settings.

Veronika Adriane, Marketing and Social Media Expert, Fantastic Services Group

Veronika Adriane is a social media specialist and marketing entrepreneur working with Fantastic Services Group. She is passionate about her job, and is always on her quest for improvement.
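The check this tip asks for, as an added example that is not part of the original article or the contributor's own tooling: it scans a file listing shaped like a Google Drive API v3 `files.list` response and flags link sharing (`type: "anyone"`, the setting that produces anonymous viewers) and external accounts. The listing, file names and the internal domain `example.com` are constructed sample data and assumptions.

```python
import json

# Constructed sample, shaped like a Drive API v3 files.list response requested with
# fields=files(id,name,permissions(type,role,domain,emailAddress,allowFileDiscovery)).
SAMPLE_LISTING = json.loads("""
{"files": [
  {"id": "f1", "name": "Customer contacts",
   "permissions": [
     {"type": "user", "role": "owner", "emailAddress": "ops@example.com"},
     {"type": "anyone", "role": "writer", "allowFileDiscovery": false}]},
  {"id": "f2", "name": "Office lunch rota",
   "permissions": [
     {"type": "user", "role": "owner", "emailAddress": "ops@example.com"},
     {"type": "anyone", "role": "reader", "allowFileDiscovery": true}]},
  {"id": "f3", "name": "Payroll 2018",
   "permissions": [
     {"type": "user", "role": "owner", "emailAddress": "hr@example.com"},
     {"type": "domain", "role": "reader", "domain": "example.com"},
     {"type": "user", "role": "writer", "emailAddress": "freelancer@partner.test"}]},
  {"id": "f4", "name": "Team handbook",
   "permissions": [
     {"type": "user", "role": "owner", "emailAddress": "hr@example.com"},
     {"type": "group", "role": "commenter", "emailAddress": "staff@example.com"}]},
  {"id": "f5", "name": "Shared by a vendor"}
]}
""")

COMPANY_DOMAINS = {"example.com"}  # assumption: the domains you treat as internal
EDIT_ROLES = {"writer", "commenter", "fileOrganizer", "organizer", "owner"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "review": 2}


def audit_file(entry, company_domains=COMPANY_DOMAINS):
    """Return a list of findings (dicts) for one file entry."""
    name = entry.get("name", entry.get("id", "?"))
    if "permissions" not in entry:
        # Edge case: the permissions list is absent when the caller cannot see
        # the file's sharing, so the state is unknown rather than safe.
        return [{"file": name, "severity": "review",
                 "issue": "sharing not visible to the auditing account"}]
    findings = []
    for perm in entry["permissions"]:
        ptype, role = perm.get("type"), perm.get("role")
        if ptype == "anyone":
            discoverable = bool(perm.get("allowFileDiscovery"))
            reach = "public and searchable" if discoverable else "anyone with the link"
            severity = "high" if discoverable or role in EDIT_ROLES else "medium"
            findings.append({"file": name, "severity": severity,
                             "issue": f"{reach} ({role})"})
        elif ptype == "domain":
            if perm.get("domain", "").lower() not in company_domains:
                findings.append({"file": name, "severity": "medium",
                                 "issue": f"whole external domain {perm.get('domain')} ({role})"})
        elif ptype in ("user", "group"):
            email = perm.get("emailAddress", "")
            if email.rpartition("@")[2].lower() not in company_domains:
                findings.append({"file": name, "severity": "medium",
                                 "issue": f"external account {email} ({role})"})
    return findings


def audit_listing(listing, company_domains=COMPANY_DOMAINS):
    """Audit every file in the listing; most severe findings first."""
    findings = []
    for entry in listing.get("files", []):
        findings.extend(audit_file(entry, company_domains))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f["severity"]])


if __name__ == "__main__":
    for finding in audit_listing(SAMPLE_LISTING):
        print(f"[{finding['severity']:6}] {finding['file']}: {finding['issue']}")
```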

2. Layer your business data security strategy

Many businesses cannot afford to think outside the box when it comes to data security. They need reliable, cost-efficient solutions with a strong ROI for everything, especially data security. As an IT firm working with SMBs, we advise our clients to build data protection in layers because not one single tactic is bulletproof. Three best tactics:

Stephen Tullos, Team Leader, My IT

Stephen Tullos is My IT’s Cybersecurity Team Leader, a retired Army Ranger, active Air Force Reserve in Cybersecurity. He is certified as an Ethical Hacker, Mile 2 CVA for Cybersecurity, CompTIA Security+, and Microsoft Certified Professional (MCP).

3. Plan for the worst-case scenario.

It is not a question if something will go wrong but when. That is why every small business should plan for the worst-case scenario it can think of. For many, that would be a complete loss of all data. To mitigate that risk, develop an appropriate backup plan that involves keeping offsite backups and testing data integrity on a regular basis.

Next, consider the network perimeter. That means reducing the ability for an attacker to penetrate the network by ensuring a firewall is in place, backed up by appropriate data security software and complemented by virtual private network access for all remote employees.

Lastly, given how many successful attacks rely on human error or lack of knowledge, you need a robust employee security training and awareness program. It will ensure that all employees know how to spot common and active attacks, such as ransomware and phishing.

Lee Munson, Security Researcher at Comparitech.com

At Comparitech, Lee writes a wide range of articles, covering security topics of relevance to both SMBs and home users. He is an InfoSec Professional (training, awareness & comms), security researcher, PR, and award-winning blogger.
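One way to carry out the "testing data integrity on a regular basis" step from this tip, as an added example that is not part of the original article: a SHA-256 manifest is built from the live data and the offsite copy is checked against it. The directory layout, file names and contents in `demo()` are constructed, and the manifest is assumed to be stored separately from the backup it describes.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(manifest, backup_root):
    """Compare a backup tree with a manifest taken from the source data."""
    report = {"ok": [], "missing": [], "corrupted": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(backup_root, *rel.split("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif sha256_file(full) != expected:
            report["corrupted"].append(rel)
        else:
            report["ok"].append(rel)
    # Files that were never in the source deserve a look too.
    report["unexpected"] = sorted(set(build_manifest(backup_root)) - set(manifest))
    return report


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed source and offsite copy, damage the copy, verify it."""
    files = {  # constructed sample data
        "customers.csv": b"id,name\n1,Alice\n2,Bob\n",
        "invoices/2018-01.txt": b"invoice 0001: 120.00\n",
        "invoices/2018-02.txt": b"invoice 0002: 75.50\n",
    }
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "source")
        backup = os.path.join(work, "offsite")
        for root in (source, backup):
            for rel, data in files.items():
                _write(root, rel, data)
        manifest = build_manifest(source)  # keep this apart from the backup

        # Simulate three failure modes in the offsite copy.
        with open(os.path.join(backup, "customers.csv"), "r+b") as fh:
            fh.write(b"X")  # silent corruption: same size, one byte changed
        os.remove(os.path.join(backup, "invoices", "2018-02.txt"))
        _write(backup, "README_DECRYPT.txt", b"unexpected file\n")

        return verify_backup(manifest, backup)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:10} {paths}")
```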

4. Consider cloud solutions.

Protecting your data as a small business is crucial. One data breach could spell disaster, but there are ways your company can avoid this type of situation.

Charlie Trumpess, Marketing Manager at Modern Networks

Over the last decade, Charlie Trumpess has worked for a number of B2B technology companies across EMEA. He’s a Member of the Chartered Institute of Marketing (MCIM), a CIM Chartered Marketer, qualified gamification designer and an experienced channel marketer.

5. Keep your data organized.

Before you rush to a technical solution, sit down and think about what data resides on your systems and where.

Next, create a little spreadsheet that divides the type of data you hold into levels of importance. Customer data such as credit card numbers should sit right at the top of your list, for example. Secure the most critical, sensitive data first.

Less important data will need less security. You will also want to think about policies and user access privileges.

Good security requires in-depth defense. Ensure you have endpoint security on every business computer and mobile device, implement proper patch management and strong passwords policies, establish proper access controls and regular data backups.

If the worst happens, being able to recover your data quickly might make a difference as to whether a hack is a minor inconvenience or a major disaster.

Create containers and even hidden containers using disk encryption software, so you can keep important data encrypted on a laptop or PC even when it is open. Full disk encryption is great if someone steals your PC when it is switched off, but when it is open and running the encryption is also off, providing no protection against a cyber-attack. By using containers, you can isolate sensitive data and keep it encrypted while you work.

Tyler Riddell, Vice President of Marketing, eSUB

Tyler Riddell is the Vice President of Marketing with over 15 years of experience in Marketing, Product Management, Advertising, and Public Relations.

Jeremiah Talamantes, President and Managing Partner of RedTeam Security

Jeremiah has been in the IT industry for nearly 20 years and is the creator of The PlugBot Research Project, a foray into the concept of a hardware botnet. He is an active security researcher and adjunct professor at Norwich University, College of Graduate Studies in Information Security & Assurance.

7. Deploy the right software-level protection

Cyber attacks against small businesses have been increasing steadily over the past five years.

According to a report by Keeper Security and the Ponemon Institute, 50 percent of small businesses have been breached in the past 12 months.

“Small business websites, employee email accounts, and customer data are attractive targets for hackers since they often have more digital assets than an individual consumer, but less security than a large organization. Hackers are very much aware that small businesses are less careful about security,” notes John Swanciger, Manta CEO, adding his top tips for businesses to protect themselves.

John Swanciger, CEO, Manta

John Swanciger is a seasoned technology executive with vast experience in team building, product marketing, and strategic partner development. As CEO, he leads Manta to strengthen its current offerings, while expanding products and services for small business owners.

9. Know your enemy – assess the threats and implement appropriate data security protection.

Knowing exactly what risks you face can help you choose the right system of protection.

William Horne, Editor, The Telecom Digest

William is the Editor of The Telecom Digest, the oldest e-zine on the Internet. A former telecommunications engineer at Verizon, he currently runs his own consulting business, helping Small Office/Home Office clients to maximize productivity.

10. When in doubt, don’t cheap out on security.

Limit what you put online. Pay someone who knows what they are doing to shut off unnecessary services on your servers/web host. At minimum, set up a Software Firewall/IPS and a Web Application Firewall. Most inexpensive servers and hosts come with many options open by default which should not be left on.

Encrypt, Encrypt and Back Up. Get a trusted and signed SSL certificate and encrypt all traffic to and from your web server end-to-end. Encrypt and/or salt and hash any unique information that is stored, passwords, payment data, even email address. Back up all of your data on your server regularly through a security provider.

It is always too good to be true. – Phishing is one of the most common ways in when hacking small businesses. Email filters are usually not as effective. Small business owners and entrepreneurs are open to emails they receive as they look for partnerships and other opportunities to grow their business. Host your email on a separate service or set of servers. And scrutinize emails you receive, think twice or three times if it seems too good to be true. It might end up being really bad.

When in doubt, don’t cheap out on Security, pay a service provider that specializes in small business cybersecurity. The investment will be immensely cheaper than the average cost of an incident, which is more than $200 per customer record exposed.

Pieter Van Iperen, Founder, Code Defenders

Pieter Van Iperen is a Founding Member of Code Defenders, a collective that protects the long tail of the internet, an Adjunct Professor of Code Security at NYU, a Certified Penetration Testing Engineer (Ethical Hacker) and a Certified Secure Web Application Engineer. He is a veteran programmer and security expert.
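The "salt and hash" advice for stored passwords in this tip, as an added example that is not part of the original article: an unsalted digest is shown beside a salted, iterated PBKDF2 record using only Python's standard library. The record format, the function names and the iteration count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumption: work factor for this example; tune to your hardware
SALT_BYTES = 16


def unsalted_sha256(password):
    """Weak form, for contrast: equal passwords give equal digests, so one
    precomputed table cracks every account that shares a password."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(derived)])


def verify_password(password, stored):
    """Recompute the hash with the stored salt; malformed records never match."""
    try:
        algorithm, iterations, salt_b64, hash_b64 = stored.split("$")
        if algorithm != ALGORITHM:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations))
    except (ValueError, OverflowError):
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored):
    """True when a record uses an older algorithm or a lower work factor, so
    it can be upgraded the next time the user logs in successfully."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < ITERATIONS


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    print("unsalted, user A:", unsalted_sha256(pw))
    print("unsalted, user B:", unsalted_sha256(pw))  # identical to user A
    print("salted,   user A:", hash_password(pw))
    print("salted,   user B:", hash_password(pw))    # differs from user A
```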

11. Choose security solutions based on your business needs.

Jeff Hoffman, President, ACT Network Solutions

Jeff Hoffman is the President and Security Evangelist at ACT Network Solutions in suburban Chicago. ACT has been providing innovative IT Security Solutions to the financial, legal and healthcare industries for over 29 years.

12. Have these three types of security training in place.

Making your employees strong links in the cybersecurity chain requires more than just implementing general security policies. They need different types of training to be able to recognize and deal with different threats. Below are some of the vital ones:

Get employees to focus on themselves; don’t harp just on security awareness that affects the company. Make workers understand that business security is about *them* too, not only the elusive bigwigs. Talk to them about the most common scams and tricks cybercriminals use, and how to protect themselves at home, with tools such as firewalls and wireless VPNs.

After presenting information about security awareness, come up with a scheme to set up a situation where employees are given the opportunity to open a very alluring link in their email. This is called a “phishing simulation.” This link will take the worker to a safe page, but you must make the page have a message, such as “You Fell For It.” You should also make sure that these emails look like a phishing email, such as adding a misspelling.

Consider hiring a professional who will attempt to get your staff to hand over sensitive business information over the phone, in person, and via email. This test could be invaluable, as it will clue you into who is falling for this.

Robert Siciliano, Identity Theft Expert and CEO of IDtheftsecurity.com

Best Selling Author ROBERT SICILIANO is serious about teaching you and your audience fraud prevention and personal security. His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure.

13. Don’t underestimate the likelihood of an attack.

Small businesses often lack necessary security policies and practices because they underestimate the likelihood of cyber attacks striking their companies.

Manta, an online resource for small businesses, surveyed over 1,400 small business owners and found 87% of owners do not feel they are at risk of a data breach. However, 12% had previously experienced a breach and, what’s even more concerning is that about 1 in 3 small business owners have no controls in place!

Every organization has sensitive data, including customer information, employee records, intellectual property, and medical records that they must protect. Here are three steps to follow:

Success, without security, can easily turn into a catastrophe.

Dana Simberkoff, Chief Risk, Privacy and Information Security Officer of AvePoint

Dana is responsible for AvePoint’s privacy, data protection, and security programs. She manages a global team of subject matter experts that provide executive level consulting, research, and analytical support on industry trends, standards, best practices, concepts, and solutions for risk management and compliance.

14. Go beyond securing your computers.

Data security is not limited to your computers.

Human error or malicious intent is just as much of a threat, if not more so. Therefore, your first and most important step in securing your business’ data is to thoroughly check the backgrounds of any new hires, including references and criminal background checks.

In addition to this, you should make sure to safely and securely shred any old documents before you dispose of them. Hard copies of files that are thrown out or stolen are one of the leading causes of security breaches, particularly identity theft and credit card fraud.

Another important thing is to stay up to date. Many small businesses neglect their software updates, especially if they do not have a dedicated IT team. When a software company pushes out an update, it is often to improve security. Not updating your installation can make you vulnerable to attack as hackers exploit known issues in older versions.

Similarly, only download and install software from known and trusted sources. It may be tempting to save some money by downloading a cracked version of the software you need, but these often have malicious malware embedded that leaves your computer wide open to attack.

Gavin Graham, Staff Writer, Fit Small Business

Gavin is a staff writer at Fit Small Business, focusing on creating Buyer’s Guides on a variety of small business topics. Gavin has been at the intersection of content management and creation in the digital marketing world for over ten years.

15. Develop a security culture.

According to Reg Harnish, CEO of GreyCastle Security, the following three tactics are key to maximizing business data safety:

Reg Harnish, CEO of GreyCastle Security

Reg Harnish is the CEO of GreyCastle Security, a cybersecurity consulting firm dedicated to the management of cybersecurity risks. Harnish is an author, speaker and trusted authority in the cybersecurity world, and was named North America’s Cybersecurity Consultant of the Year by the Cybersecurity Excellence Awards.

16. Follow basic steps for advanced protection.

STEP 1. The first step is easy: Get some. Don’t make the mistake of thinking you are too small to be attacked. Hackers prey on this, making you even more vulnerable to having customer records, employee data, and other privileged information stolen. 62% of small businesses suffering attacks go out of business within six months; don’t become part of that statistic!

STEP 2. Back up your data. Automate backup so that employees do not have to think about it.

STEP 3. Think about physical security and managing business continuity. The recent hurricanes, floods, and wildfires provide ample evidence that backing up your data to another location is a must. Maybe the cloud, or servers at two securely networked business locations. Or, a dedicated server on the site of your managed services provider or IT consultant. Do not walk around with USB sticks and portable drives that can easily be lost or corrupted.

STEP 4. Keep current with updates and “patches.” Vendors regularly update their devices against the latest ransomware and other exploits. Keeping up with these updates is a simple thing that can avert disaster.

STEP 5. Don’t go it alone. It is not a question of whether you need business security but how much you need. You likely have anti-virus and anti-malware programs running and perhaps basic firewall capabilities. These are a good start, but if you have mobile workers, guests using your Wi-Fi, or need to comply with regulations for protecting data (HIPAA for example), you need more.

Engage a trusted IT consultant to help think through securing networks and data, and educating employees. Sometimes simple, inexpensive measures like whitelisting or blacklisting Internet sites, or defining clear rules for who can access specific resources can make all the difference and cost little or nothing.

Glenn Chagnot, Vice President of Marketing, Uplevel Systems

Glenn Chagnot is VP, Marketing at Uplevel Systems, provider of managed IT services infrastructure solutions to IT consultants serving small business. A prolific writer and speaker, Glenn works with IT consultants and managed services providers (MSPs) to bring affordable, business-class IT to small companies.

17. Ensure security on both provider’s and your end.

There is a tremendous risk to SMBs of significant (if not devastating) financial outcomes caused by the rise of cyber attacks. SMBs typically lack the in-house security expertise to both understand the new types of attacks that occur and protect against them appropriately, and also have limited budgets for enterprise-class solutions. A few tips Arlen suggests include:

Arlen Frew, GM of Security & Applications for Nominum

As General Manager for Nominum’s security and applications portfolio business, Arlen oversees the company’s go-to-market strategy including sales, engineering, support, and product management, as well as extending its OEM technology licensing business to the high-growth area of security as a service (SECaaS).

18. Use analytics to develop a tailor-made security program.

Every company’s security program has different threats. There’s no one rule or one guideline to watch out for. There are a few different ways to help reduce data security risks.

Peter Carson, President of ExtranetUserManager

As the founder and President of ExtranetUserManager, Peter brings over 20 years of technology consulting, certified engineering skills, database design, and application development – combined with strong communication, analytical planning, and business skills.

19. Review your password and information sharing policies.

Even in settings where there are no advanced business security systems, some basic best practices need to be implemented. Gregory Morawietz, an IT Security Specialist, highlights the following:

Gregory Morawietz, VP of Operations, Single Point of Contact

Gregory Morawietz is an IT Security Specialist with over twenty years of network and security experience. He has worked with hundreds of firms on improving IT environments, consulting and integrating technology for the enterprise network.

21. Don’t overlook the basics.

As a small business, there are some important steps that need to be taken to ensure the security of your data. The following are the easiest ways to avoid security breaches:

Lindsey Havens, Senior Marketing Manager, PhishLabs

Lindsey Havens is a Senior Marketing Manager at PhishLabs, a managed enterprise phishing connection and an Agari partner published in CIO, IT toolbox, and other industry media.

22. Implement encryption on multiple levels

For all of our clients, we recommend measures that match the importance or criticality of the data being protected. However, there are some general best practices that should be applied universally.

For logins, we recommend utilizing “two-factor authentication” whenever possible, especially on cloud systems. Whenever one of your systems requires an additional factor to log in, you have dramatically increased the difficulty for an attacker to use an exposed login and password. It is not infallible and needs to be combined with other authentication best practices, but it is so easy to use in some cases, there is no right excuse not to use it.

Secondly, encryption everywhere. Data on the move should be “encrypted in transit” – this means using HTTPS/SSL for your website and web applications, as well as connections between database servers. Data at rest encryption – data on persistent storage (such as server disks, server backups, database backups, etc.) are all to be encrypted where possible.

Lastly, personal data and private data (consumer names, phone numbers, and email addresses, in addition to the traditional items such as credit card numbers), which is often the target of a breach attempt, should be protected with encryption as well – perhaps as database column encryption.

One final tip – Full Disk Encryption (FDE) on both Windows (via BitLocker) and Mac (via FileVault) – for all workstations and laptops. It’s easy to enable and manage, and it ensures if a machine is lost or stolen (a common occurrence with laptops) that the data will not be retrievable.

Timothy Platt, Vice President IT Business, Virtual Operations, LLC

Timothy Platt is a VP of IT Business Services at Virtual Operations, LLC – an IT Managed Services Provider.

23. Stop thinking like a small business.

Stop thinking like a small business. You are NOT too small to be a target. If your business data is the core value of your business, protect it.

Don’t run to Best Buy or Staples to buy the cheapest gear, especially Wi-Fi. Again, if your business is how you and your employees feed your families and invest for your future, treat it as such and only deal with skilled professionals who are themselves invested in protecting their business and their clients.

Be afraid, be very afraid. It is a bad new world out there, and the bad guys have tools you would not even believe, and all the time in the world to use them against you.

SMBs need to have a healthy paranoia about their network and data security.

Art Artiles, Mathe, Inc.

Kathy Powell, Marketing Manager, Tie National, LLC

Kathy Powell is the Marketing Manager at Tie National, LLC. Kathy has used her talents to both build and manage new departments from the ground up to secure company growth and client satisfaction. Her passions are analysis, design, and volunteer work.

25. Quick wins can make significant differences.

On average, a robbery occurs every 13 seconds, and small businesses are four times more likely to be the target of a break-in compared to a home. As a small business owner, it is important to know your weak spots and safeguard against them.

“Hackers can review every scan and get a treasure trove of data,” Montague said.

Sage Singleton, Security Expert, SafeWise

Sage Singleton is a security expert for SafeWise, a comparison engine for home systems.

26. Start with proper “network hygiene.”

In today’s connected world anyone that uses social channels or email is a target for hackers. Small and medium enterprises face the same cybersecurity challenges as large enterprises and government agencies.

The trend of “landing a whale” is rapidly moving to “filling the nets.”

We are seeing greater proportions of successful attacks against the SMB and SME than ever before – one in five SMBs are hacked each year, and 60% of the victims go out of business because of the attack. The rationale for this is pretty simple. All too often, many SMB and SMEs lack the tools, skills and financial resources to detect successful breaches and insider threats. Add to that, the sheer number of prospective victims – close to 6M in the US alone, this target is easy pickings. Damages from one successful targeted attack could cost a small company as much as $84,000.

How to protect:

First, start with proper “network hygiene”. We may no longer see phishing attacks about your dead uncle who left you $10M. However, casting a broad net to snare unsuspecting small business owners is still a viable business model for hackers. Hygiene also includes proper training of your people. Training a person to recognize breach-tactics is imperative for businesses of all sizes. Fortune 100 companies do it and so should SMBs.

The next piece is around network and personnel visibility. Small businesses are often conduits for breaches to larger organizations. The SME hiring and vetting process for all your contractors and employees should be strict. Once the person is in your organization – they are in. Do you want to be the next small business that becomes known as the weak link in the next front-page-headline breach (see Home Depot and Target)? Also, small and medium enterprises should know what applications are allowed and not allowed to run on their network. There are cost-effective, easy to use, easy to deploy solutions on the market today that enable organizations of all sizes to be situationally aware of what data is coming and what is going.

The next area is protection. Perimeter defenses should be enterprise-class. SMEs should not “settle” for a reduced subset of features just because of their size. If a vendor says, “That is only in our Enterprise Version,” run, not walk away. SMEs are very mobile device dependent. Many times the mobile device is the ONLY computer. Take steps to protect all devices, not just traditional computing platforms such as laptops.

And finally, be prepared for “oh no!” Having an easy to follow remediation plan is a critical step in keeping your business running. Ransomware is only effective if it can hold you for ransom. Have your backups disconnected from the computer? Know who can rebuild a machine quickly.

You will get punched – so be prepared to take one (or more)!

Paul Kraus, Founder & CEO, Eastwind Networks

Paul Kraus is a Founder and CEO of Eastwind Networks, a cloud-based breach detection solution that aims to protect government agencies and enterprise organizations from cyber threats that bypass traditional security measures. He has more than 25 years of experience in security.

27. Do not entrust your data to just any cloud.

Jim Angelton, CEO, Aegis Finserv Corp

Jim Angelton is a CEO of Aegis Finserv Corp. AegisFS CyberThreat Division provides the full scale of cybersecurity services for small to large businesses.

28. Self-evaluate to keep pace with both risk and compliance.

Your business is small, but risks are enterprise-size

Top cybersecurity threats to small businesses (SMBs) are very similar to the risks all enterprises face. The stakes are much higher for SMBs because they often lack the resources to fight back and prevent data loss. Large firms have teams of data security experts and can afford extensive audits. SMBs can be more vulnerable to security risks and struggle to quickly react to vulnerabilities.

Keep pace with both risks and compliance by self-evaluating

Frequently self-evaluating the company’s cybersecurity practices is the best way to detect and prevent cybersecurity threats. SMBs can use the NIST Cybersecurity Framework (it’s free!) as a blueprint to evaluate current security policies and remodel data protection policies to focus on preventing vulnerabilities and to set goals to improve and maintain security.

Traditional data security standards and protections all attempt to do the same things: protect sensitive data. The NIST Cybersecurity Framework is unique because the Framework combines the best practices of other security standards to focus on outcomes, rather than avoiding liability. SMBs should self-evaluate cybersecurity at least once a year, with participation from all business unit leaders and all of the IT team.

Don’t become a victim of your own success – growth.

As SMBs grow and add employees and partners, they must share access to vital business data and systems. For example, a small company can rely on a single IT person to manage access to data, a server, and the company network. As the SMB grows and adds employees and offices, a “single point of failure” becomes a risk for the company. Security for data and networks should grow with the business, with precautions built into business goals.

Margaret Valtierra, Senior Marketing Specialist, Cohesive Networks

Margaret Valtierra is Senior Marketing Specialist at Cohesive Networks. She is responsible for growing business through digital and written content, public relations, and community events.

29. Stay vigilant about threats

Terry Barden, President, Forward Systems, LLC

Terry has worked in network and systems engineering for over 20 years at enterprise level operators. He founded Forward Systems in 2015 to help small and medium businesses prepare and defend themselves against cybercriminals. Forward Systems is a security-focused total service provider offering software and hardware solutions for managed security, managed IT, backup and disaster recovery and system virtualization.

30. Understand why you need controls and how you can implement them.

For the owner, manager or executive of a small business, my three tips for data protection would be:

Rhand Leal, Information Security Analyst, Advisera

Rhand Leal is one of Advisera’s lead ISO experts and Information Security Analysts in charge of ISO 27001 compliance and other security standards. He has ten years’ experience in information security, and for six years he had continuously maintained a certified Information Security Management System based on ISO 27001.

32. Make your systems hacker-proof.

Bob Herman, Co-Founder and President, IT Tropolis Group LLC

Bob Herman has 25 years of working experience in the computer security industry after graduating as an engineer from Georgia Tech. His professional interests include computer systems applications to business processes, virtualization technology, cloud computing efficiencies, and cybersecurity.

33. Put the right technologies in place

Every company, every business, and rather every enterprise is facing data security risk. One plausible reason for this is the fact that the majority of us intentionally or unintentionally save data on our machines, which, as a matter of fact, are vulnerable to data breach. Businesses going down and getting bankrupt is becoming a norm only because of people’s ignorance or lack of knowledge to understand data security risks.

Let’s quickly catch up on the biggest and also the most commonly witnessed mistakes companies make with data security protection. These are:

These are some issues that businesses, as well as individuals, have been facing over the years. They are not just limited to large companies. Small businesses also face the dangers of getting affected because of the lack of security measures.

But, the good news is that this can be dealt with smartly. The following steps might help assist in data security.

Belonging to a company that offers security services, we, at Kualitatem, know how important your data is to you and are cognizant of the significance of keeping it protected.

Kashif Abid, Head of Compliance and Security, Kualitatem Inc.

Kashif Abid MS, LPT, CEH is serving as Head of compliance and security for Kualitatem Inc. He is a researcher, a Certified Ethical Hacker (CEH), EC-Council Certified Security Analyst (ECSA) and a Licensed Penetration Tester (LPT).

34. Set up business data security policies

Outside of the staples (clear company policies/SOP), when it comes to data retention and dissemination along with consistent back-ups, I would say:

35. Consider outsourcing qualified IT security staff and systems.

For any business, a data security issue can be ominous. For a small business, it can be catastrophic. The three top tips I can unequivocally recommend are as follows:

There are no silver bullets for data security, but by following these tips and proactively engaging with your IT service provider on a monthly basis, any small business will be in an excellent position to understand their exposure, the current cyber environment, and keep their data and business out of harm’s way.

Jeffrey Hornberger, Vice President of Sales, Security First

Jeff Hornberger is the Vice President, Sales and Consulting for Security First Corp, also serving as the lead architect for the Public Sector, including the Intelligence Community and Fortune 100 clients.

37. Set up multi-layered security measures

Alec Sears, IT Specialist, Frontier Business

Alec Sears is an Information Technology expert at Frontier Communications.

38. Leverage remote storage and backup solutions.

Tip #1: Store Your Data On An External Hard Drive

It is common nowadays for businesses to store documents on Google Drive and Dropbox. They are convenient, free iCloud storage systems that many use every day. However, they are not the most secure, especially for business information and data. To be safe, store your business data on an external hard drive. It may cost a little depending on the size of your small business but will be well worth it in the end. By storing your information this way, it will save you the panic attack if for some reason your data is lost.

Tip #2: Limit The Number Of Employees Who Have Access To Account Passwords

When it comes to data account passwords, it is better to be safe than sorry. Only provide passwords to employees who absolutely need them, and whom you can trust. Issues with account passwords can arise if you have a disgruntled employee or ex-employee. They could steal your business information leading to your business being ruined.

Tip #3: Never Use Public Wi-Fi For Business Work

Public Wi-Fi is a playground for hackers and cybercriminals. When it comes to doing work, never use public Wi-Fi. If a hacker were to gain access to your data, your customer information and business information would be compromised. This type of situation a small business may never recover from.

Holly Zink, Digital Marketing Associate, The Powerline Group

Holly Zink is a Digital Marketing Associate and Cybersecurity Expert for The Powerline Group. For them, she manages multiple technology-related blogs and often writes about data security tips for all people including businesses.

39. Understand and control your data

In May 2018, GDPR (General Data Protection Regulation) will come into force. That’s just five months until the most significant reform in data protection and privacy laws for over 20 years. Things will be very different. GDPR is going to seriously affect data security and how businesses must operate. Whether you’re a multi-national or a small business, all will handle some level of personal data whether it’s on staff, customers or enquirers.

GDPR is the government regulation defining how that personal information is managed, to protect consumers and their privacy from data misuse. GDPR brings stricter guidelines and higher fines than the current data protection legislation. The clock is ticking. How prepared are you?

Here are three data security tips on this topic to get you started:

Libby Plowman – CRM and Data Director, Intermarketing Agency

Over 20 years’ experience in the marketing data industry, providing consultancy and project management on complex multi-functional data projects. Critical areas of specialism include multi-channel CRM, customer insight, and data strategy, across a variety of industry sectors.

40. Secure your website domain.

Three quick wins for a small business right now would be to:

Chris Byrne is co-founder and CEO of Sensorpro.

41. Implement email best practices.

Email is essential for all businesses. That necessity is why email is also the number one threat vector for hackers.

That is why it is important to have an email security plan in place. Three things all small businesses can do are:

Hoala Greevy, Founder and CEO, Paubox

Hoala has 17 years’ experience in the email industry and is the architect of the Paubox platform. He graduated from Portland State University with a BS in Geography and a BS in Social Sciences.

43. Ensure your applications are secure-by-design

Cloud data security is frequently thought about in terms of managing existing risk. It’s crucial that organizations ensure that applications are ‘secure by design’ – whether they are developed in-house or purchased from an external provider.

Shifting left and fixing security flaws in the development stage and shifting right to monitor for new vulnerabilities ensures that firms are doing everything they can to stay ahead of the hackers. It helps prevent ransomware from locking down data or allowing it to be exfiltrated. When purchasing cloud applications, it’s crucial that organizations manage their software supply chain and source solely from providers that can demonstrate proof of security.

Where businesses already have a preferred vendor without such certification, they can be a positive force in supporting their suppliers’ application security processes. A number of firms that CA Veracode works with, for instance, even pay the third-party license fee to enable their supplier to become compliant with their company’s standards.

Peter Chestna, Director of Developer Engagement, CA Veracode

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs.

46. Treat security as a process, not an event.

Achieving some level of security requires a specific mindset that every organization needs to understand and then internalize. It doesn’t matter if you’re engaged in “routine” tasks or something more specialized – every organization is more and less secure over time since the nature of cyber attacks constantly evolves. The process of security means adjusting and learning accordingly.

A head-in-the-sand approach ensures that an organization will become less secure.

Also, beware the unwitting perpetrator. Like crimes in the non-virtual world, Distributed Denial of Service (DDoS) attacks and cyber hacks rarely come with calling cards. Those with ill intent find honeypots of oblivious organizations they can commandeer easily, with a single password. In the incident referenced earlier, the mega-provider didn’t even have an abuse team. So, at the very least, businesses need to insist that their hosting company assign a unique password to every server – and have an abuse team at the ready just in case.

Adam Stern, Infinitely Virtual

47. Understand privacy policies of your cloud accounts.

Strong passwords and 2 Factor Authentication are the best things consumers of cloud software services can do themselves to improve the security of their data. The days of swapping letters for numbers and special characters in a password are long gone. So is the advice that they should be changed often.

The recent recommendation is that passwords should be formed of 3 random words. For example, ‘TreeKeyPencil’ is far more difficult to guess than ‘1iv3rp00l’. Adding an extra layer of security with 2 Factor Authentication will further prevent your cloud-stored data from getting into the wrong hands.

Additionally, when choosing a cloud software provider to share your data, it’s essential you read their privacy policy and terms and conditions. This should give you an indication of what the service provider will do in the event of a data breach, as well as what they are doing to prevent one in the first place. For example, ISMS.online undergoes regular penetration testing and has achieved Pan UK Government accreditation and PSN certification.

Sarah James, ISMS.online

The UK-based ISMS.online is a secure cloud software platform used by organizations to describe and demonstrate their information and cybersecurity posture. ISMS.online also allows you to manage regulations like GDPR and certifications like ISO 27001.

48. Take a zero trust approach

The best approach to cybersecurity you can take is to protect everything by default.

This zero trust approach doesn’t require user involvement to keep the data safe and it takes into account the way data is realistically used and shared with organizations.

Keep a watchful eye toward internal breaches, not only external. Even if it’s unintentional, up to 43 percent of data breaches are caused internally. It’s most effective to automate security in a way that is seamless to end-users, so they don’t try to circumvent it.

Understand that there is no longer a perimeter. With multiple entry points into an organization (so many devices), there is no longer a defined and defensible perimeter. In today’s cloud-first environment, companies no longer own or secure the servers where the data is kept.

Lawrence Jones MBE, CEO, UKFast

UKFast is one of the largest independently owned hosting providers with a team of over 400 people in Manchester, London, and Glasgow.

52. There are two critical steps to take for improved security

The first step to keeping your data secure on the cloud is to ensure that your cloud data is protected by, not just a password, but a two-step authentication process. Creating a strong password (12-15 characters, upper and lowercase, with numbers and symbols) is essential, but even a password like that can be cracked.

Add two-step authentication by sending pin numbers to your phone or adding personal security questions on top of your password.

The second way to keep your data secure is through encryption. Opt for an encrypted cloud service, so your information is always protected. This is especially important for companies in the healthcare and defense industries.

Keri Lindenmuth, Marketing Manager, KDG

Keri Lindenmuth is the marketing manager and web content writer at KDG, a technology solutions provider located in Allentown, PA.

53. Add enhanced security settings to your public cloud

The most common and publicized data breaches in the past year or so have been due to giving the public read access to AWS S3 storage buckets. The default configuration is indeed private, but people tend to make changes and forget about it, and then put confidential data on those exposed buckets. There’s very little excuse to do so.

In addition to this, you should implement encryption both in traffic and at rest. In the data center, end users, servers, and application servers might all be in the same building. By contrast, with the Cloud, all traffic goes over the Internet, so you need to encrypt data as it moves around in public. It’s like the difference between mailing a letter in an envelope and sending a postcard whose contents anyone who comes into contact with it can read.

Todd Bernhard, Product Marketing Manager, CloudCheckr, Inc.
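
The exposure described in tip 53 above, as an added example that is not part of the original article or any vendor's tooling: a Python audit that reads a bucket's ACL and bucket policy, in the JSON shape the S3 API returns them, and flags grants that make the bucket publicly readable. The sample documents and the names `audit_bucket`, `acl_findings`, and `policy_findings` are constructed for illustration; account-level Block Public Access settings are not evaluated.

```python
import fnmatch

# Grantee URIs S3 uses in ACLs for "anyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")

def as_list(value):
    return value if isinstance(value, list) else [value]

def acl_findings(acl):
    """Flag ACL grants that give a public group read access."""
    findings = []
    for grant in acl.get("Grants", []):
        uri = grant.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GROUPS and grant.get("Permission") in READ_PERMISSIONS:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    return findings

def principal_is_wildcard(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (string or list form)."""
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def policy_findings(policy):
    """Flag Allow statements that let any principal read or list objects."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not principal_is_wildcard(stmt.get("Principal")):
            continue
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        readable = [a for a in READ_ACTIONS
                    if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)]
        if readable:
            scope = "conditional" if stmt.get("Condition") else "unconditional"
            findings.append(f"policy allows {', '.join(readable)} to anyone ({scope})")
    return findings

def audit_bucket(name, acl, policy=None):
    findings = acl_findings(acl) + (policy_findings(policy) if policy else [])
    return {"bucket": name, "public_read": bool(findings), "findings": findings}

# Constructed sample documents (not real buckets or account IDs).
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER"}, "Permission": "FULL_CONTROL"}
PRIVATE_ACL = {"Grants": [OWNER_GRANT]}
CHANGED_ACL = {"Grants": [OWNER_GRANT, {
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bucket/*"}]}

if __name__ == "__main__":
    for args in (("default", PRIVATE_ACL), ("acl-changed", CHANGED_ACL),
                 ("policy-changed", PRIVATE_ACL, PUBLIC_POLICY)):
        print(audit_bucket(*args))
```

Statements flagged as conditional still need a manual look, since a `Condition` block may or may not narrow access enough to matter.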

55. Be aware of the most common security mistakes

A weak password, or reusing the same password for multiple accounts, is the biggest security risk for cloud-based applications. If one of your accounts is hacked, the rest can easily be hacked using the same credentials. You really shouldn’t be using the same password for your online banking as your email. But since it’s nearly impossible to remember a unique, secure password for every account that you use, I recommend using a password manager like 1Password.

In addition to this, you should run regular backups of data that’s in the cloud.

There’s a big misconception about how cloud-based platforms (ex. Shopify, QuickBooks Online, Mailchimp, WordPress) are backed up. Typically, cloud-based apps maintain a disaster recovery backup of the entire platform. If something were to happen to their servers, they would try to recover everyone’s data to the last backup. However, as a user, you don’t have access to their backup in order to restore your data. This means that you risk having to manually undo unwanted changes or permanently losing data if:

Rewind, the company I co-founded, has been backing up Shopify accounts since 2015 and from speaking with hundreds of customers, I can tell you that these four examples are pervasive. I’ve seen everything from entrepreneurs breaking their Shopify site after messing with the code, to 3rd party apps accidentally deleting over 300 products in their store.

Having access to a secondary backup of your cloud accounts gives you greater control and freedom over your own data. If something were to happen to the vendor’s servers, or within your individual account, being able to quickly recover your data could save you thousands of dollars in lost revenue, repair costs, and time.

Mike Potter, CEO and Co-founder, Rewind

Mike is a serial entrepreneur and currently the co-founder and CEO of Rewind, a backup solution for Shopify, BigCommerce, and Quickbooks Online. His second full-time position is Hockey Dad.

56. Get serious about security

Tip 1: Get serious about password security. Storing your data in the cloud means that your password is the key to the only door protecting your data from the world. Follow the advice that you’ve heard so many times, and use a secure password (a password manager such as LastPass or Dashlane can make this easier), and don’t share the password among users. Also, use two-factor authentication if possible to add another layer of protection.

Tip 2: Encrypt the data you store in the cloud. This is easiest if you choose a provider that allows encryption, but there are also services such as SmartCryptor or Boxcryptor. Even if someone is able to get to your cloud service, if you have the files encrypted, it will be more difficult for them to actually access your data.

Tip 3: Keep backups of your data in a separate location. Cloud services are a great way to store data offsite as part of a backup solution, but follow the backup rule of three and have a backup in another location as well, either locally or in a separate service.

Stacy Clements, Owner, Milepost 42

Stacy Clements is the owner of Milepost 42, a technology partner for small business owners who want to focus on their passion and not the techie stuff needed to support the business. She spent 23 years in the Air Force, much of that time in communications/information and cyber operations, and began freelancing as a web technologist in 2008.

57. Maximize cloud security with containers

Containers have been around since the mid-2000s but didn’t experience the surge in popularity until 2013. Now, 56% of all organizations have containerized product applications. Containers simplify software distribution and allow for greater resource sharing through computer systems. Containers also reduce an organization’s vulnerability for a massive cybersecurity breach by isolating data in separate environments.

Carson Sweet, Co-founder and CTO, CloudPassage

Carson Sweet is co-founder and chief technology officer for CloudPassage. Carson’s information security career spans three decades and includes a broad range of entrepreneurial, management and hands-on technology experience.

58. Use specialized software to prevent attacks

Specialized software solutions can significantly improve detection and prevention of cyber attacks, but no system is ever perfect. Even the companies with a good cybersecurity setup can end up as victims too. Make sure your employees are also trained in using cybersecurity software as well as prevention, detection, and incident response.

Detection is king – the longer an attacker is inside your network, the greater the damage they can cause. Intrusion detection systems and a good analytics setup with 24h notifications can go a long way in reacting to the next system intrusion quickly.

Reaction saves the day – make sure you have access to experienced cybersecurity experts who are familiar with your IT infrastructure and setup. If you are a small organization with no IT department, you can outsource this to a range of different IT service providers who can step in when needed.

So what are the solutions available out there? Crozdesk has found that the variety of new IT security software solutions launched onto the market has increased by nearly 350% from June 2016 to June 2017, as compared to the 12-month period before.

Funding for cyber and cloud security software companies has nearly doubled over the last couple of years, and this is resulting in a surge of new cyber technology types. It is good to be updated on the latest network security technologies available and consider adding applicable ones to your cyber security setup. Honeypots (traps for intruders) were in demand last year.

Orion Devries, Researcher at Crozdesk.com

Orion Devries is from Crozdesk.com, a business software discovery and comparison portal featuring more than 100 Cyber and Data Security solutions.