An owner of a brick-and-mortar business, or anyone for that matter, knows that they wouldn't just leave the front door wide open when they leave for the day. It's just common sense really.
This kind of security common sense applies to a business' digital assets, however, may not be enforced as diligently. When it comes to protecting your small business' digital data, it all starts with being aware.
Xero Lead Security Architect, Aaron McKeown, is well-versed in the practical application of digital security. He will be leading a workshop at computer security conference, Black Hat, entitled, "Best Practices for Workload Security Moving to Cloud Environments".
He shared with me three practical ways small businesses can protect themselves against data breaches.
Use multi-factor authentication
On top of requiring a username or password to log into any kind of system related to the business, enabling multi-factor authentication is an extra step a business can take to ensure the security of their information. McKeown says it's about protecting your customers and your organization.
"Multi-factor authentication adds an additional layer of protection to customers logging into your systems," McKeown says. "Businesses should use it on every system that they possibly can."
If someone's password is compromised it means that a hacker doesn't immediately have access to the information they are after.
Multi-factor authentication can be applied in more ways than one, from online services made available to your customers to company systems that employees log in to like email. If employees have access to their work email on their phones they can install a two-step authentication app like Google Authenticator, which enhances security by providing a token by text message or phone call.
Be aware of the location of your assets
Just like you know where all your laptops and devices are, you should be able to locate all of your business' non-physical assets. McKeown says these assets - customer names, phone numbers, your organization's strategy or your next opportunity - are just as important as your physical assets. McKeown says having this visibility and knowing where your information is ensures the health of your business' security.
"It's about knowing where your information is and where it's going into your organization and where's it coming out," McKeown says. "Ask yourself, 'is there a way it is leaking out of my organization?'."
Considering who still has access to your systems will protect you from leaks such as this. Does a former employee still have a login to your systems? Asking questions is a great step towards eliminating your business' digital vulnerability.
Have good computer hygiene
McKeown says the large bulk of the problem when it comes to the online security of small businesses lies with poor computer hygiene. Making sure your business is up-to-date at the infrastructure level and the application level is pertinent. He talks about implementing a "defense-in-depth" strategy to protect your business.
"Having good computer hygiene means protecting every layer of the organization and installing multiple gates and layers of defense," McKeown says. "Small businesses have got information on all of their devices, this is why they need to protect every layer."
Something as simple as ensuring you have good, up-to-date anti-virus software installed is part of a defense-in-depth strategy. And it almost goes without saying, don't use the same password for every login.
Using cloud technology, rather than desktop software on a private server, is another way to leverage teams of security experts who are continuously hardening the ecosystem, shipping updates and implementing evolving best practices.