15 Data Security Tips to Protect Your Small Business

October 29th, 2010

In August 2010, the Privacy Rights Clearinghouse published its latest Chronology of Data Breaches, which showed that since 2005 more than a half-billion sensitive records have been breached. Of those breached records — which contained such sensitive data as customer credit card or social security numbers — approximately one-fifth came from retailers, merchants and other types of non-financial, non-insurance-related businesses, the majority of which were small to midsized.

An equally scary statistic: approximately 80 percent of small businesses that experience a data breach go bankrupt or suffer severe financial losses within two years of a security breach, according to John Sileo, a professional identity theft consultant and speaker, who knows firsthand about the havoc a security breach can wreak on a small business.

What can a small business owner do to protect her business from a security breach? Small Business Computing spoke with two security and privacy experts and consulted the leading security and privacy sites to find out. The good news: protecting your business from a data security threat is easier than you think. It’s also much cheaper than the physical, financial and emotional cost of repairing one.

The 7 Causes of Security Breaches

According to the Privacy Rights Clearinghouse (and other sources), security breaches typically result from one of the following seven causes:

  1. Unintended Disclosure: Someone in or affiliated with your organization inadvertently posts private or sensitive company or customer information on a website (e.g., Facebook or a blog) or in an email, fax or letter.
  2. Hacking or Malware: Unauthorized individuals gain access to your computers or servers (often due to inadequate firewalls or weak passwords) and steal or corrupt data by using malicious software programs known as malware.
  3. Payment Card Fraud: Information is stolen from a point-of-service credit card or payment terminal.
  4. Bad Employees: Someone who works for you intentionally steals or leaks sensitive information.
  5. Lost, Discarded or Stolen Paper Documents
  6. Lost, Discarded, or Stolen Mobile Devices (e.g., laptops, smart phones, flash drives, CDs, etc.)
  7. Stolen Computers or Servers

15 Ways to Protect Against Data Security Threats

Protecting your business from a security breach isn’t just about practicing safe tech. It’s about hiring the right people, having a good security policy in place and employing common sense. You can protect sensitive or confidential data by following these 15 steps.

1. Identify what sensitive information you have, what you use it for and where it resides. Translation: inventory your company’s potentially sensitive information (e.g., customer credit card information) and document on which computers, servers and laptops it’s stored.

2. Isolate/segregate sensitive data. Keep sensitive information on the fewest number of computers or servers, and be sure to segregate it from the rest of your data and network if possible. “The fewer copies of data you have, the easier it is to protect,” said Jon Heimerl, the director of strategic security for Solutionary, a security services company that helps companies of all sizes design and manage better security programs and detect and prevent security events.

3. Encrypt sensitive data. According to Heimerl, encryption becomes even more important when your data is mobile. “There are many options to encrypt data via applications, databases or via security suites that can run, for instance, on a laptop. If you can encrypt the data, chances are good that, even in the event of a breach, the information will be safe from ultimate compromise. The HITECH Act, for instance, says you must report breaches of unsecured data. Encrypted data is considered secure.”

4. Use Secure Sockets Layer (SSL) or a similarly secure connection for receiving or transmitting credit card information and other sensitive financial data. Using a secure, encrypted connection such as SSL protects sensitive data while it is in transit across the Internet.

5. Do background checks and get at least two references for all new employees. Ask for at least two references from previous employers and take the time to call both former employers to verify previous employment information. You may also want to check if a prospective employee has a criminal record or a problem with his credit history. To learn more about employee background checks and references, review the Privacy Rights Clearinghouse’s Small Business Owner Background Check Guide.

6. Institute a good privacy policy, and make protecting sensitive data a part of the company culture. Security policies — especially regarding the use of social media — are vital, according to security and privacy consultant John Sileo. If you allow employees to use sites like Facebook and Twitter at work, make sure they keep their personal life separate from their work-related social media use — and monitor what they say online.

7. Use a good firewall and a secure wireless connection. Sileo called the number of businesses that operate a wireless network in their offices without a secure form of wireless connection overwhelming. “They’re still using WEP instead of WPA2 encryption,” said Sileo.

8. Keep anti-virus and anti-spyware software up to date. Most small businesses have anti-virus and anti-spyware software in place, but they forget or neglect to make sure they have the latest versions or the latest updates, which can open them up to all sorts of data security breaches.

9. Protect sensitive data with strong passwords and change passwords on a regular basis. In addition, have computers (including laptops) return to the login screen after five minutes of inactivity.

10. Make sure you and your employees only download applications that come from reliable sources. Because applications (e.g., games, mobile apps) may contain viruses, spyware or Trojan horses, it’s important to know and trust the source of an application before downloading it.

11. Lock filing cabinets and rooms where you keep sensitive data, and only give keys to trusted employees. “Oftentimes locked boxes keep people honest,” said Sileo. “They’re a great way to take away the crime of opportunity.”

12. Use paper shredders, and place them in strategic places around your office. One of the leading sources of credit card information and social security number theft is trash cans or dumpsters.

13. Protect laptops, and be careful where you use them. Password-protect laptops and mobile devices and keep them locked in cabinets or drawers when not in use. If you store any sensitive data on such devices (both Heimerl and Sileo advise against this) make sure it’s encrypted. Also, when using your laptop on the road, tether it to your smart phone, i.e., use your smart phone as a modem, so information goes directly through your (more secure) phone versus over a public Wi-Fi hot spot.

14. If you outsource any critical functions, vet third-party security practices. Don’t be fooled into thinking that just because you outsource critical applications or store information offsite, at a supposedly secure datacenter or cloud provider or ISP, that you are not responsible for that data. “If you are outsourcing any of your operations or data management to a service provider you should be asking that provider how they address [data security],” cautioned Heimerl.

NOTE: You are still 100 percent liable for any customer-related information that is breached, even if it does not reside on a server at your business or under your control.

Therefore, before you outsource any business functions, such as payroll, Web hosting or customer service, investigate each company’s security and data privacy practices, and make sure they are adequate.

15. Consider outsourcing security or hiring a consultant to make sure your business is safe and secure. “You might consider, for instance, outsourcing firewall management, intrusion testing, vulnerability management, compliance management, especially when related to financial services (PCI) or to healthcare (HIPAA and HITECH),” said Heimerl. “Chances are that a qualified managed security service can provide better security than you … and do so at a lower cost, while allowing your IT staff to concentrate on the business.”

What to Do in the Event of a Security Breach

Here are the four steps you need to take when a security breach occurs:

  1. Do not panic
  2. Contain the breach
  3. Get help
  4. Make sure you protect your business so it doesn’t happen again

Once you have identified that there has been a breach, it’s critical that you isolate and contain it. If it’s IT-related, that may mean shutting down a server (or multiple servers) or disconnecting from the Internet for a while, until the threat has been eliminated. If you have been hacked, make sure you have eradicated all malware (e.g., viruses, worms, spyware) from your systems and take steps to recover any lost information, such as restoring data from backups.

Next (or simultaneously), contact your lawyer and/or a security expert. Note: Forty-six states, as well as the District of Columbia, have security breach notification laws (you can also visit Privacy Rights Clearinghouse for a list), but these laws differ from state to state. If a crime has been committed, contact your local police department or, if you feel they are unequipped to deal with cyber crime or information theft, contact your local FBI office. For incidents involving mail theft, contact the U.S. Postal Inspection Service.

Also, in some cases, you may need to notify your customers if their personal information has been compromised. But before you do this, consult with your attorney and law enforcement contact as to when and how. Similarly, you should designate a person within your organization — or hire a public relations or crisis management consultant or firm — to be the point of contact for information about the breach, your response and how affected individuals can get help (if necessary).

The bottom line: It’s much more expensive to fix a breach than to prevent one. And most of the time, you can prevent data security breaches by practicing safe tech, as outlined in the steps above.

Jennifer Lonoff Schiff is a regular contributor to SmallBusinessComputing.com and writes a blog for and about small businesses.

Source [SmallBusinessComputing]

Vendor Management – Taking the Next Step

August 30th, 2010

First of all, what is Vendor Management?  Vendor management allows us to build a relationship with your suppliers and service providers that will strengthen both businesses. Vendor management is not negotiating the lowest price possible. Vendor management is constantly working with your vendors to come to agreements that will mutually benefit both companies.

1) The “Tried and True” Approach – Many times when companies choose vendors, they may choose on price or features but are not quite sure how this is going to mesh with their current environment.  At Solace, we utilize the vendors that we would suggest, therefore taking away many of the guessing games.

2) One Company to Call – When Solace handles your vendors, whether they be your T1 vendor or even your copier vendor, we are able to speak with them on a technical level to ensure that issues are resolved. We pride ourselves on being able to communicate that to our customers in a way that’s easy to understand. Now you have only one number to call when you need assistance.

3) Company Savings – Imagine how much time a company spends on managing its vendors per week. Even if it were an hour a week (it is usually much more), that’s 52 hours a year. Multiply that by the hourly cost of the employee who handles vendor calls and trouble situations and you can see how the costs can compound over a year’s time. Solace helps save that money and time for you to run your business.

4) Monitoring – Solace will monitor your contracts with your various vendors and help negotiate the best solution for your business when the time comes for renewal or replacement. Since we maintain relationships with many different vendors in many different areas, you have one concise location for business resources.

5) Risk Management – Due diligence at contract signing is only one portion.  What is the risk of using one vendor over another?  We want to make sure that your company is not put at risk by helping to choose the solution that is right for you strategically and financially.

Apple iPad Sets Path to Productivity, Paperless Office

July 28th, 2010

Tim Markley recently ordered three Apple (AAPL) iPads for his warehouse. He put them on the forklift and the carts that workers push down aisles while they pull items off the shelves to fill orders. Previously, employees would carry lists (on paper) and once they completed an order they’d find a computer on the 20,000-square-foot warehouse floor to update the inventory database. That meant a lot of time spent walking around looking for a computer, then entering data—not filling orders. “In a warehouse, your travel time to pick orders is 50 percent of an employee’s time,” says Markley, president of Elkhart (Ind.)-based Markley Enterprise, a 75-person firm that designs marketing displays for stores and trade shows. “We put pedometers on our people and we actually saw steps decrease by 30 percent with the iPad,” he says. Another benefit: Markley now e-mails orders to each iPad, eliminating the need for paper.

Markley isn’t the only small business owner to embrace the iPad. Others have begun experimenting with the lightweight tablet computer, using it to outfit delivery staff and salespeople, as well as to dramatically reduce the amount of paper used. At the Rydges Hotel in Sydney, Australia, diners are handed iPads instead of more traditional menus. In New York City, De Berardinis Salon gives clients iPads rather than magazines to keep them entertained during beauty treatments.

As a device to cut down on paper costs, there’s certainly a large market for the iPad. In the U.S., companies spent about $8 billion on paper in 2007, not counting costs for ink or toner, according to John Maine, an analyst with RISI, which tracks the global forest products industry. Copier giant Xerox (XRX) estimated that for every dollar spent on printing documents, companies pay an additional $6 in handling and distribution costs.

Delivery Device

No wonder going paperless can save a small company a small fortune—if they use a lot of paper. Arhaus Furniture estimates it will save $100,000 in paper costs annually when it gives its 50 drivers iPads to use when delivering furniture from its stores. Arhaus uses software from TOA Technologies to track drivers on their routes and to predict within a one-hour window when they will arrive at a customer’s home. TOA is now creating an iPad app for Arhaus.

“The unique features of the iPad are the ability to use the built-in GPS function and the ability to collect electronic signatures,” says Irad Carmi, co-founder of TOA Technologies, adding that the size of the device is just right for drivers to carry. TOA may add a piece to the app that lets Arhaus drivers show customers photos from the catalog so they can sell accessories during the delivery process. Arhaus wants to have its drivers equipped with iPads in time for the holiday season.

Some small business owners say that the combination of the device’s ease of use, always-on capabilities, and large screen size could help them improve business processes. That is, if there’s an app—or someone willing to write one—that will let them streamline current operations.

“In the long term, it [the success of the iPad as a small business tool] is going to be very dependent on the availability of apps,” says Dan Shey, an analyst with ABI Research, which forecasts trends in communications and emerging technology. “Some of these devices are going to be designed so they are specific to a worker’s task, almost like an appliance,” he adds.

To make the iPad work, Markley needed an application that would properly display data from an online order-management service on the iPad’s large screen. He didn’t want to create his own app, so after a thorough search of Apple’s App Store he finally found one for $1.99 written by a Japanese developer. “For years, we’ve used Apple products and that’s put us at a disadvantage because most [business software] is written for PCs,” says Markley. The iPad may be changing that.

source:[businessweek] Rachel King

Technology Increases Small Business Profitability

June 28th, 2010

During times of economic struggle, most small businesses end up making cuts and changes to keep their businesses in the green. From laying off staff to decreasing business travel, reducing marketing efforts and ending bonuses and raises temporarily – there are a variety of ways small businesses look to cut their expenses. At the same time, they look for ways to increase profitability – especially when operating with reduced staff. Technology becomes even more useful as small businesses strive to increase productivity and efficiency.

There are so many gadgets and technology solutions out there that it can be easy to buy more than you need, or to buy the wrong types of products that just don’t deliver the solutions your business needs. When deciding what types of technologies can help your business reach its goals, here are a few things to look for:

Communications – technology is well known for its capability to improve the ability for people to communicate with one another. Whether you’ve got employees on the road or down the hall, virtual phone systems can route calls to cell phones and keep everyone in touch regardless of location. Instant messaging and email provide quick ways to communicate with the written word and keep documentation of these conversations for future reference. Social media and networking sites provide a way to keep in touch with co-workers, customers, and the competition at a glance.

Data Storage, Warehousing and Search – If you find employees are spending a lot of time looking for certain reports, forms or other data that they need to perform their job responsibilities, investing in network hardware and software to keep track of the whereabouts of your data can be useful.

Telecommuting – many small businesses also find that there isn’t a need for all employees to work in the same office building in order to get their work done. Having employees who telecommute requires the technology to make that happen (a secure network for employees to access data they require to do their job; improved communication systems to receive incoming phone calls at their homes or on their cell phones and the ability to keep in touch with co-workers in different locations). Having employees telecommute can save you from needing a larger office space, which keeps your overhead costs lower, too.

Customer Relationship Management – having some sort of CRM software to help you manage your database of clients and prospects is well worth the investment. Many businesses will tell you the “money is in the list”; meaning the amount of money a company earns is directly proportional to the number of people on their mailing list. Some companies use software like ACT, Goldmine or SalesForce to track their clients and leads. Others have custom-built software developed to handle unique needs that can’t be addressed with existing software.

Technology makes it possible for small businesses to increase productivity and compete with larger businesses on a smaller budget, thereby increasing profitability. Efficiency and organization are improved through the use of appropriate data storage, search and mining; customers are better managed through customer relationship management systems; and money can be saved when employees telecommute from home. Before investing in any new technology, identify the unique needs of your business and determine which technology will best meet your needs.

BloomBox – The Next Big Thing In Energy?

February 23rd, 2010

In the world of energy, the Holy Grail is a power source that’s inexpensive and clean, with no emissions. Well over 100 start-ups in Silicon Valley are working on it, and one of them, Bloom Energy, is about to make public its invention: a little power plant-in-a-box they want to put literally in your backyard.

You’ll generate your own electricity with the box and it’ll be wireless. The idea is to one day replace the big power plants and transmission line grid, the way the laptop moved in on the desktop and cell phones supplanted landlines.

It has a lot of smart people believing and buzzing, even though the company has been unusually secretive – until now.

[source CBS]