5 Small Business IT Security Commandments

5 Small Business IT Security Commandments


If your company handles any sensitive information, you likely know about the importance of small business IT security. You may have taken a few basic steps like installing antivirus software or firewalls to guard your data against cyberattacks. If you want to enhance your small business cybersecurity and move your data protection strategy beyond the basics, consider these five areas.

Consider an Information Security Audit

If you’re worried about holes in your business’s data protection armor, an information security audit can help you find them if they exist. If you don’t have an IT staff person to take on this task, you can outsource it to an information security firm. The auditor will thoroughly review your company’s computer networks, data protection technology and data handling practices. They’ll also ensure that any security programs you’ve installed are working properly. If any problems surface during the audit, they will make recommendations on how to fix them.

Back Up Your Data

The loss of crucial data — whether deliberate or unintentional — can devastate the finances and operations of a business. That’s why your small business IT security strategy should include safe data storage and a reliable backup system.

A cloud backup service is likely the most efficient way to address this need. It lets individual organizations avoid dealing with the cumbersome and often-unreliable infrastructure of in-house data storage. Instead, cloud storage vendors maintain a large pool of storage space that they divvy up among all their customers, while managing the data too, PC Magazine explains. The service can be tailored to fit each business customer’s size and security requirements.

Man in workshop follows small business IT security rules on his laptop

Address Wireless Communication

If your business uses a Wi-Fi network, you’ll need to ensure it’s secure. The Small Business Administration (SBA) recommends setting up a password-protected Wi-Fi router; make sure the network name, or Service Set Identifier, is not publicly visible.

The Federal Trade Commission (FTC) suggests limiting the number of people who can access your company’s computer network via smartphones, tablets, inventory scanners and other wireless devices. The FTC also recommends encrypting any data transmitted over your internal wireless network. Make sure your router has Wi-Fi Protected Access 2 capability — the highest current security standard — and that any wireless devices you and your employees use support WPA2.

Protect Digital Copiers

Computers and mobile devices aren’t the only devices that need protection. The hard drive on your digital copier also contains data that may be vulnerable to cybertheft. The FTC suggests choosing copiers with data security features like encryption and overwriting — a file-swiping method that substitutes random characters for existing data, helping to thwart a thief’s attempts to reconstruct the data. The agency advises overwriting the entire hard drive of your digital copier at least once a month.

Investigate Cyber Insurance

According to the International Risk Management Institute, the cyber and privacy insurance policy usually covers liability for many expenses related to a data breach, like financial losses due to network downtime, business interruption and other results of the breach; notifying those affected by the breach; and any related legal expenses and regulatory fines.

If you’re ready to ramp up your small business cybersecurity but need help covering the upfront cost, a small business loan may be a good financing option. The payoff of these small business IT security measures includes a lower risk of mishandled sensitive data and better peace of mind.