Network Security Tips for Small or Home-Based Businesses (Part 1)

It is important for businesses of any size, whether small or large, to employ network security tools, such as encryption or anti-virus software, to protect their systems and information.  One of the biggest Network Security hurdles small or home-based businesses face is they rarely have an experienced network security staff on call 24/7.  Part one of our two-part series focuses on actions you can take related to your hardware.  Cyber Liability insurance is also becoming a key component to protect a business from a security incident.  However, there are additional, “low tech” steps most businesses can take themselves to minimize their exposure to a network security breach that require nothing more than a little time and planning.

The 2018 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, places the average cost for each lost or stolen record containing sensitive and confidential information at $148.  In other words, 1,000 records equate to a cost of $148,000.

Computer and Laptop

Use your work computer for work and your personal computer for everything else.  Your spouse shouldn’t be able to quickly check their email or your kids download game apps onto your work computer.  You should not share YouTube videos or your latest vacation pictures with friends over for dinner on your work computer.  No one else should know the password.

Physically separate your work computer devices from your personal computer devices.  Whether your work laptop is just at home overnight or whether it lives in your home office, it should only be used for work and it should not be physically accessible to anyone else living or visiting your home.  This doesn’t mean that you lock it in a steel vault while it is in your home.  But it does mean that if you are not working on it, your laptop and mobile devices should be kept in a room that guests seldom enter and if possible, in a drawer so they aren’t readily visible.

Storing Data

Avoid storing business data on personal computers or zip drives, even temporarily.  Data has a way of being forgotten and disappearing into the hard drive of a PC or laptop, never to be seen again, until a hacker accesses the computer.  Zip drives get tossed into backpacks, briefcases, suitcases and purses then forgotten, or they are loaned to a friend or taken to school by your kid and never seen again.

Don’t throw your hardware in the trash!

Dispose of old computer hardware and components safely and appropriately.  Just “wiping” a hard drive is not enough to remove all data previously stored.  In most situations, the golden rule of reuse, restore, recycle does not apply to hard drives.  The only way to ensure the data stored on that hard drive can never be accessed is to render the drive inoperable by damaging the platters inside the drive so they can no longer spin.  To do that requires drilling holes in the drive, pounding nails into it or sufficiently whacking it with a hammer.  And those are the safest “destroy your hard drive at home” methods available.  If your computer’s hard drive fails and you replace it, don’t let the repair shop hold on to your old drive.  Take it back and dispose of it yourself.  If you can’t bring yourself to beat an old hard drive senseless, hire a mobile hard drive destruction service to come to you and destroy it.  As a last resort, wipe the hard drive, then store just the drive alone, in a secure place, indefinitely.

Lost a Device?

Many privacy laws kick in when a laptop or other device is lost or stolen if customer, client or employee personally identifiable information (PII) was stored on the computer, even if there is no evidence that the PII was accessed or used.  Just knowing that PII may have been accessible to a 3rd party solely because of proximity can trigger laws like HIPAA.

Password Management

Never use the same passwords for business computers, websites, applications, etc. that you use for personal computers, websites, applications.  Change your passwords frequently.  Consider using a password management application for your business.  There are several geared towards small businesses and they are easy to find and use.

Additional Layers of Security

Recognize that anytime you access a network your information could possibly be intercepted.  While information you process, whether personal or business, is particularly vulnerable on public networks, your own network is at risk of intrusion.  Secure your systems and information through a virtual private network (VPN).  A VPN creates a secure and encrypted connection between your device and the server of the VPN service.  All your traffic passes through this encrypted connection preventing even your ISP from accessing it.