By now, you probably already know that data security isn’t really optional anymore – even for small businesses. Cyber attacks are increasingly common and more and more small businesses are falling victim. But as a small business, you just don’t have the same resources as an enterprise to spend on cyber security. The thing is – cyber criminals know this, too.
You may be wondering if it is even possible to entertain the idea of data security on a small budget. Absolutely. All it takes is some careful planning and knowing what you need as a baseline.
Please note: If you’re in a regulated industry, especially healthcare, your minimum is going be a bit different. Reach out to us, and we can help you make sure you’re staying compliant.
A firewall acts as a gatekeeper between your local network and the Internet. As a warning, business grade firewalls can seem expensive when you start pricing them. But consider what you are getting: This device scans all traffic coming into and going out of your network from the outside world for threats.
Most firewalls offer additional features like web filtering services, anti-virus scanning, and router capabilities. We’ve covered what to look for in a firewall here.
Encryption keeps your data safe if you experience a data breach or if a computer or hard drive is lost or stolen. It basically scrambles your data so it cannot be read without an encryption key.
If you’re using Windows, you likely already have basic encryption software. Starting in Windows Vista, Microsoft has been offering their full-disk encryption solution called BitLocker. If you’re on a different operating system or want something more robust, you’ll need to get additional encryption software.
If you have specific compliance requirements, like HIPAA, you may also need to get encrypted email.
Data backups aren’t new, and they aren’t going to do anything to prevent a cyber-attack – but they can save your business if you do fall victim to an attack.
Ransomware is an increasingly popular cyberattack, targeting businesses of all sizes. It encrypts your files until you pay a ransom fee. Paying the fee doesn’t always guarantee your files will be returned, though.
With a robust backup system, though, you’ll only lose files created after your last backup (if you’re backing up nightly, that likely won’t be very much) and won’t have to pay the ransom.
In addition to data security, the more traditional reasons (disaster recovery and retrieving deleted files) for having backups still hold true.
Employees can be your weakest link or your first line of defense when it comes to data security. It only takes one person clicking on a bad link for your entire system to be compromised. Train all of your employees to know data security best practices and the warning signs of common cyber-attacks like phishing and ransomware.
Keep this in mind: A data breach involving an employee usually isn’t because of malicious intent. Your employees are just trying to do their jobs. If the systems you put in place become too cumbersome or prevent them from doing something they need to do, they will find a way around it – and you’re in trouble if that happens.
Your best bet it to give your employees the knowledge and tools they need to do their job in a secure way.
How to Save Money
It can be tempting to try to save money by going to a big box retailer and getting equipment meant for personal use. If you are a very small company (five people or less), this may work for you. But typically, you’re better off just spending the extra money and getting commercial grade equipment. Equipment meant for personal use just can’t handle the same amount of traffic as a commercial grade firewall and will end causing slow internet speeds and could seriously hamper your productivity.
If you’re working with an outsourced IT company, get them involved in choosing equipment (especially if they’re going to be supporting it!). They should be able to help you pick the right firewall and backup solution for your network and your budget. A lot of IT companies already have relationships with vendors and can get equipment at a discounted rate that you won’t have access to yourself.
Firewalls have traditionally been sold as a large one-time purchase, but more companies are starting to offer a firewall-as-a-service option with low monthly pricing. This is usually an easier option for budget-conscious business owners. (PTG customers can get this as part of SecuritySuite, which includes firewall and monitoring services).
Data security is critical to any business and can easily drain your technology budget. But with some intelligent shopping, product bundling and knowledge of your needs, you can avoid some costly mistakes.