Your 3-Step Roadmap to Data Security
The majority of modern small business owners store information on the cloud, but is your data secure?
Every day, you’re using tools like Google’s business apps, applications like Quickbooks and Everlance, and so many more. If you’re like most small business owners (and internet users in general), your data is far from protected. Luckily, cloud security isn’t all that complicated if you know what to do — use this simple, three part roadmap to navigate your way toward data security.
Password Security for Small Businesses
Passwords are something we all love to hate, but using “password1234” is asking for trouble. Instead, you should always:
- Use multiple passwords, especially for different accounts.
- Don’t “store” passwords by writing them down on a sticky note at your desk.
- Store passwords in a secure manager, preferably using a password manager service. If you opt for an Excel spreadsheet, at least password-protect the document itself.
- Give employees sub-accounts for important accounts, not administrative access to the main account.
At the bare minimum, passwords for all accounts should be changed once per year. In the event of a data breach, you absolutely must change passwords.
Third Party Application Security
You rely on applications like Gmail, account tools, messaging tools, and so many others to get business done. Unfortunately, most data breach incidents are the result of third parties. That’s why you need to vet every application being used:
- Is it a secure and trusted platform?
- Does the company have multiple storage locations for data? As an example, Google has geographically diverse server locations.
- What measures, such as 2-factor authentication, are in place to keep your data safe and secure?
- Does the service offer increased security as your business grows?
- What is the service’s breach notification policy? You can find this information in the user agreement — search for terms like breach notification policy, privacy breach clause, and security event.
Each of these factors shines a light on how a company treats data. If an application isn’t security-minded, find an alternative, because the company clearly doesn’t care about data integrity or protecting it’s users. At the bare minimum, a secure application will have “https” in the website’s URL.
General Cloud Security Best Practices
In addition to the password and application specifics we just covered, there are certain best practices for cloud security. In a perfect world, every single small business owner would implement them:
- Require passwords on all employee laptops and computers… even if they complain.
- Turn on encryption for all machines. It’s free both Windows (look for BitLocker in the Control Panel, under System and Security) and Mac (search for FileVault in System Preferences).
- Use the same best practices for all business and personal equipment. Nowadays, if your phone or tablet falls into nefarious hands, it’s essentially the same as losing your computer.
- Use a Virtual Private Network, aka VPN, on all public WiFi networks outside of your home and office. TorGuard, HideMyAss, CyberGhost, and TunnelBear are all popular and affordable options, though many others exist. As a bonus, you can watch Netflix from anywhere in the world using a VPN.
The data your company stores in the cloud is precious, and each of these security tips is relatively easy to implement. In modern business, protecting your data is the same as protecting your company as a whole.