How small businesses can keep data secure

By Ken Tysiac

A lack of resources and a false sense of security can make small businesses enticing targets for hackers. Lisa Traina, CPA/CITP, CGMA, president and owner of information technology security firm Traina & Associates in Louisiana, suggests ways for organizations with limited IT budgets to keep their data secure:

Don’t think it can’t happen to you. Breaches at large companies such as Home Depot, Sony, and Target make the headlines, but small companies are at risk, too. While it’s true that larger companies have greater quantities of valuable information for hackers to steal, smaller companies are at risk because fraudsters presume—often correctly—that their controls are not as strong.

Install proper network and workstation controls. An IT specialist needs to make sure the company has a properly configured firewall. Anti-virus software and current patches need to be applied to all hardware and software. Companies also should make sure access to data and systems is limited to individuals for whom access has been approved.

Establish a culture of security. Training is a key element in creating an environment where the importance of data security is appreciated and treated with appropriate seriousness. Employees need to understand the dangers of visiting unsafe websites while at work. They need to know what phishing emails look like, and that one click on a nefarious link can result in a major breach. Many companies block access to certain sites in the name of security.

Use strong passwords. Having one employee use a weak password such as “Password1” can put the whole organization at risk. Systems should encourage or even require passwords that use a combination of numbers and letters and are more difficult for hackers to crack. Employees should not use the same password for all sites and systems, and should be sure to use separate passwords for business and personal systems. Unique, complex passwords are essential.

Monitor vendors. Companies need to ask whether vendors have access to company data and whether data are secure after being accessed or obtained by the vendor. The data breach at Target in late 2013, which compromised the personal information of as many as 70 million people, was connected to a breach of a Target heating, ventilation, and air conditioning vendor. The consequences for small businesses are clear. They should be aware that their vendors can unwittingly provide an entry point into their systems for fraudsters, and they should know that hackers might target them to gain access to their clients’ systems.

Conduct periodic testing. Test systems at least yearly to identify vulnerabilities. Depending on the size and industry, some companies undergo more frequent testing.

Make mobile devices part of the plan. Many smartphone users don’t think of their devices as computers, but they are powerful mini-computers that can hold a treasure-trove of valuable data for hackers who can get access to them. Mobile devices should be fitted with anti-virus software and receive patches and updates—just as desktop computers or laptops do.

Get finance involved. CFOs and finance professionals are used to dealing with risk and tend to be technologically savvy. A company’s IT professionals possess the technical proficiency to address the threat of data breaches, but they may be so busy trying to keep the machinery working that they don’t have adequate time or resources to thoroughly consider data security. Finance may have a more complete view of the overall enterprise that can help companies determine their risks.

—By Ken Tysiac, a JofA editorial director.
