Data breaches at large companies like Target and Neiman Marcus make headlines. But with comparatively small IT budgets--or no IT departments at all--smaller businesses are at a greater risk of cyberattacks.
In 2012, half of all attacks in California targeted businesses with fewer than 2,500 employees, according to a new report by the state's attorney general, Kamala Harris. Businesses with fewer than 250 employees were the victims of 31 percent of all attacks.
Last year there were 170 data breaches reported in California, a 30 percent increase from 2012, the report found. In the past two years, the personal data of 21.3 million Californians has been compromised, according to USA Today.
In response to the growing threat, Harris is devoting considerable effort to fighting hackers and educating business owners about how to protect themselves. Her report found that cybercrime is largely "opportunistic," meaning that hackers are actively looking for "'low-hanging fruit'--today's equivalent of someone who forgets to lock her car door," Harris says.
In the report, titled "Cybersecurity in the Golden State," the attorney general outlines best practices for small businesses to shore up their defenses. Below, check out some of the most important tips. You can read the entire report here.
When banking online, first make sure you're using a secure browser connection, indicated by "https" or a lock symbol in the address bar. After each session, erase your cache so no information stays in your browser's history. Also make sure to use account notifications and two-factor authentication. Data breaches usually involve an insider, so do not allow a single individual to both initiate and approve financial transactions.
Use multiple lines of defense.
Your business needs to use "multiple, overlapping, and mutually supportive solutions," the report says. Then if one defense fails, you will still be protected. "This should include the deployment of regularly updated firewalls, antivirus, and Web security solutions throughout the network. Also, anything connected to your network should be secured by more than signature-based antivirus technology," the report says.
Map and encrypt your data.
As your business grows, you may have to move, archive, or store your data offsite or with third parties. Make sure you know where these archives are located. Next, you should encrypt all the data you have, which makes it unreadable without a special key. "Free and easy-to-use encryption technology is widely available. Encrypting your data can dramatically reduce your exposure to a data breach and the theft of proprietary information," the report says. Another important action is to limit the access your employees have to sensitive accounts. No single employee should have access to everything, nor should employees have access to data that has nothing to do with their jobs.
Use strong passwords and update software.
Although it may seem obvious to use strong passwords, most people don't. As the CEO, you should create policies that require strong passwords, with more than eight characters made up of a mix of letters, numbers, and symbols. Change your passwords every three months and never use personal information like birthdays, names, or colleges you attended. Keep operating systems and software updated and uninstall products you are not using anymore. Employees should not have administrator accounts, which are easy doors for cyberattacks. Also make sure your employees undergo background checks if they have special privileges for dealing with sensitive information.