Steps to Protect Your Store From Cyberthieves



These days, we hear about large-scale data breaches—and incidents of corporations falling short on their efforts to safeguard consumer data—all the time. Case in point: the recent revelation that Facebook allowed data firm Cambridge Analytica to scrape personal info from roughly 50 million user feeds.

But are those breaches—and in the case of Facebook, gross errors in vendor management—at all instructive for small-business owners looking to ensure that their company’s data cache isn’t hackable?

Jared Silver, president of Silicon Valley jewelry firm S.H. Silver, considers the Facebook breakdown a teachable moment for all modern businesses. “This is a challenge all technology businesses will face as we continue to leverage more and more technology,” he says.

Rick Rogoway, co-owner of Oregon jewelry store LaRog Brothers, calls Facebook’s poor custodianship “unfortunate,” but adds that ultimately, “privacy might be a thing of the past anyway in this fast-paced social media–driven world.”

On a fundamental level, he’s right. Experts agree that no system is impregnable. But there are important steps retailers can take to ensure that they’re not easy targets for data thieves.

We asked Ryan Manship, president of security consultancy RedTeam Security in St. Paul, Minn., to share some valuable tips for keeping a company’s data secure.

Practice Password Security

“It’s important that your company’s employees have good online passwords and understand what good and bad passwords are—and that password reuse is bad,” Manship says. He recommends investing in a secure password manager “so you only have to remember one password, and can keep all your passwords safe. It’s like keeping your valuables in a vault.” Highly rated password managers include LastPass, Dashlane, and 1Password.

Create Two-Step Logins

Instituting multifactor authentication, also known as two-step authentication, is another important safeguard against online attackers. Users log in to a site with a password they know, and then are sent a second, unique login through something tangible such as a smartphone or key fob. “This makes breaking into things very difficult,” Manship says. “Someone would have to have the item to get into the data. The level of effort the attacker has to go through goes up significantly.”

Understand Your Risk

“Business owners should do a real risk assessment with a third-party company to help them understand how to prioritize what they need,” Manship says. And once you fix or bolster a system, test that it’s impenetrable. Offensive-security firms identify vulnerabilities for companies by acting as cyberattackers trying to break into their systems.

Hang High

Remember that digital security is a bit of a bob-and-weave game. “There are automated systems looking for ways in on the internet at all times,” notes Manship. “If you hook up a brand-new internet connection, in a matter of minutes something is going to scan it. So you want to do everything in your power to not be the low-hanging fruit attackers come for.”
