One of the most daunting tasks for small businesses as they increase their reliance on the online environment is staying current with security risks. Although the cyber world is full of threats, it is a world where small businesses must exist, and a certain amount of foundational understanding of security is now expected.
It might be comforting (and simultaneously bothersome) to know that despite assumptions that the threat is from the outside, in fact the biggest threats to security in your company start with the people within, according to the Business Development Bank of Canada (BDC). Unintentionally, an employee may click on a corrupt link, accidentally email secure information to an unintended recipient, or mistakenly forget to lock up sensitive information. The BDC created a helpful security checklist for small businesses to reference (p. 24, free access to eBook via email).
It can be difficult to even know where to start when considering cyber security for your small business. If you are unsure about your level of computer comfort, take this self-assessment from Employment and Social Development Canada to find out how your computer skills measure up. To start developing your organization’s privacy plan, complete this questionnaire by the Office of the Privacy Commissioner of Canada and complete this self-assessment tool about your organization’s habits in securing personal information. Key websites for starting include:
Get Cyber Safe Guide for Small and Medium Businesses
Get Cyber Safe Tips for Small and Medium Businesses
Personal Information Protection Act (PIPA), the privacy legislation for businesses in British Columbia. Download the guide for businesses here and a more condensed guide by the CFIB here.
Credit card security
If you are a retailer, there are rules regarding keeping credit card information safe in the point of sale (POS) system that you use. The Globe and Mail highlights ten ways to increase your payment processing security, with top priority being to maintain compliance with the Payment Card Industry (PCI).
Representing all major credit card companies, the PCI Security Standards Council has a lot of resources online to help you navigate requirements. Go to the main page for small businesses to get the why, what and how to keep information secure. The experts over at Merchant Maverick really summarize the PCI requirements well in this blog post, and Chase Canada also presents the information in a concise manner.
Cloud computing is becoming a trend among small and medium-sized businesses because of the lure of eliminating costs associated with buying and maintaining software. The cloud offers a lot of advantages for companies on a limited budget, but it is important to be mindful that information may be digitally stored in another province or country (wherever the website servers you utilize for cloud storage call home), and could be subject to different privacy policies than your Canadian business. Here are some resources to reference when making security decisions about your cloud computing provider.
Who is Responsible for your Cloud Computing? – Intuit Small Business Blog
Three Tips for Selecting your Cloud Provider – Cisco Canada Blog
Cloud computing for private organizations – Office of the Information and Privacy Commissioner of BC
Cloud Security Alliance – a global non-profit to promote best practices in cloud computing and security
Security in a mobile world
The increased ability to be mobile with smartphones introduces new security issues for small businesses, including mobile app development, storing sensitive information, and payment processing. With more and more companies developing mobile apps for their business, it is also important to consider your client’s or customer’s security as they use the app. Small businesses are less likely to secure their mobile payment processing at the same level as large businesses, making them a perfect target for cyber-attacks, a LexisNexis study found. Furthermore, there is a growing trend for companies to allow a Bring Your Own Device (BYOD) policy, so employees can conveniently utilize their personal smartphones and businesses can cut costs. As one can assume, this poses lots of issues that can be addressed in your cyber security policy. Here are some links to inform your policy on mobile devices:
PCI compliancy with mobile payment processing - PCI Security Standards Council
Seizing Opportunity: Good Practices for Developing Mobile Apps - Office of Information and Privacy Commissioner of Alberta
Bring Your Own Device (BYOD): Is Your Organization Ready? - Office of Information and Privacy Commissioner of Ontario
Simple steps your small business can take now
- Update your passwords – view this brief webinar by PCI called What's Your Password? Security basics for small businesses. The webinar is free but requires the viewer to input a bit of personal information.
- Secure your wifi connection – Read these eight tips to avoid having your information hacked while on an unsecured wireless network.
- Password protect your mobile device – Because of the robust functionality of the smartphone, it is more important than ever in the evolution of cellular phones to protect it with a password.
Engage with us!
Are there other security concerns that you have at your small business? Let us know what we’ve missed and keep us informed of great resources that have helped you in the past.
SBA Adopting Digital Technologies series
Part 1: The Conference Board of Canada's 6 Best Practices
Part 2: WEC Guest Blog on Low-Cost Strategies for Going Online
Part 3: Using Technology for Financial Transactions
Part 4: Mobilize Your Business with these 3 Strategies
PHOTO CREDIT: Security Protection Anti Virus created by pixelcreatures on February 13, 2013. Image made available under Creative Commons Universal 1.0. Last viewed August 26, 2014.
PHOTO CREDIT: Password Mask Matrix Crash created by geralt on November 4, 2012. Image made available under Creative Commons Universal 1.0. Last viewed August 26, 2014.
PHOTO CREDIT: Close up of friends using smart phones created by Abd allah Foteih on May 4, 2014. Image made available under Creative Commons Attribution 2.0 Generic. Last viewed on August 26, 2014.