Data Security that Counts: How to Protect your Small Business from Bad Actors

In this Lenovo Evolve Small Advisor Series webinar review, we’re diving into all things data security and privacy.

Data security and privacy are at the core of all small businesses. Proper data security and privacy management is one of the first steps that you can take as an owner and/or entrepreneur to ensure that your small business will thrive in this ever-changing digital world.

By adding critical safeguards, plans, and educating your employees on data security and privacy, you’re giving yourself and your business a leg up against bad actors, while also promoting your business as safe and trustworthy for your stakeholders, who are conscious about where they put their data, which is a major plus to any business!  

We’re excited to show you the second installment of the Advisor Series! We’re joined by special guests Katie Reed, a leader at Lenovo and an Evolve Small Ambassador with over 10 years in the industry and a passion for giving back to the community. We’re also joined by Gerald Youngblood, Chief Marketing Officer for Lenovo North America.

Last but definitely not least, we have Matt Messick on call, Chief Information Officer for the Dallas Cowboys. Matt and his team play a vital role in keeping the AT&T Stadium’s networks secure and running at peak performance year-round, handling the voice traffic, data traffic, and hundreds of thousands of devices that connect during sporting events, concerts, and dozens of other activities.

That means protecting and orchestrating big events like the Lenovo and Dallas Cowboys partnership for the inaugural Empowering the Heart of Texas, that awarded 10 lucky small business owners with $5,000 at the AT&T stadium.

Together, this team of thought-leaders is taking on some of the key issues and questions that small business owners, IT professionals, and entrepreneurs face on a daily basis. Key topics include:

• Data security and why it’s important to small businesses
• Identifying and protecting sensitive data
• How to create a “human firewall”
• How you can leverage data security in your marketing strategy

What is data security and why is it important to small businesses?

Data security isn’t as scary as it seems, and laying the foundation is critical for small businesses. Simply put, data security involves the addition of measures to protect digital information from unauthorized access, disclosure, alterations, or destruction. Briefly put – bad actors.

For small businesses this includes protecting customer data and financial records. It’s to safeguard the life of your business – information. You want to make sure you have the right protections, or the checks and balances, in place to make sure you can get to where you need to be.

CIO of the Dallas Cowboys Matt Messick opened the conversation saying: “[by] protecting our data information from unauthorized access, corruption, theft…we’re protecting our brand.”

As a small business owner or entrepreneur, it’s important to keep in mind some of the following key points that showcase how data security is important to you and your business:

1. Customer Trust: Small businesses often thrive on personal relationships and trust. A data breach can erode customer trust and loyalty, damaging the business’s reputation and bottom line.
2. Legal Compliance: As data privacy regulations tighten and evolve globally, adhering to these regulations is not just ethical but also a legal requirement. Failure to comply can result in severe penalties and fines.
3. Financial Stability: The fallout from data breach can be financially devasting. The cost of dealing with a breach – from legal fees to compensation for affected parties – can cripple a small business.
4. Intellectual Property Protection: Many small businesses and entrepreneurs rely on unique processes or ideas. Data security safeguards these intellectual assets, preventing them from falling into the wrong hands.  

Gerald Youngblood elaborated on this topic: “you want to focus on your business, you want to focus on what you’ve committed to your customers [and] to your partners that you’re trying to get done…if you’re worried about not just your companies’ data, but the data of your customers, then it slows you down. Ideally, you set a foundation in place so that you can really focus your attention on your business.” 

Identifying and protecting sensitive data

There are several ways that small business owners can work to improve their organization’s data security set-up and strategy. Important steps to ensure a strong and lasting data security foundation include:

1. Conduct a Data Audit: Messick said that you should “take inventory of where everything is…take stock of devices, applications, and what [kind] of data you have.” This is key. Identify all of the sensitive data your business collects, processes, and stores routinely. This includes customer information, financial records, and any proprietary data. Know that understanding your data landscape is the first step to building its security.
2. Educate your Team: Human error is a leading cause of data breaches. Train your staff on security best practices, including recognizing phishing attempts, using strong passwords, and understanding the importance of data security.
3. Secure Physical Access: Don’t overlook the importance of physical security. Ensure that servers and other storage devices are kept in secure locations with limited access. Physical theft can be as damaging as a digital breach.
4. Regularly Update Software: Outdated software can have vulnerabilities that cybercriminals exploit. Ensure that all software, including antivirus programs and firewalls, is regularly updated to the latest versions.
5. Back Up Data: When asked about the cloud Messick said, “if you’re using the cloud you want to think about what makes sense to add to the cloud… [it all] depends on your needs – and double check where you’re saving your information. Regularly backing up your data is important. Store it in a secure location. This ensures that even if there is a data breach incident or possible information loss, you can quickly recover your information without significant disruption to your business.
6. Implement Multi-Factor Authentication (MFA): Require multiple forms of verification before granting access to sensitive systems of data. MFA adds an extra layer of protection, making it more challenging for unauthorized users to gain access.
7. Secure Wi-Fi Network: This is especially critical in an increasingly remote working world. You want to use strong unique passwords for your Wi-Fi networks and enable WPA3 encryption. Additionally, consider separating your business network from the guest network to add an extra layer of security.
8. Become SSL Certified: A secure sockets layer (SSL) is vital for your business. Proper certification keeps user data secure, verifies the ownership of your website, helps prevent attackers from creating fake versions of your website, and ranks you hire in the search engine optimization.

Creating a “Human Firewall”

When it comes to securing information in your business, you need to make sure it’s a group effort, because even with the best technological defenses in place, humans remain a crucial factor in data security. Implementing or creating a “human firewall” means installing a culture of security awareness within your organization. Here are some common issues and ways to avoid them:

1. Phishing Attacks: It’s important to train employees to recognize phishing emails and messages. Conduct simulated phishing exercises to test their awareness and responsiveness.
2. Unauthorized Access: Regularly review and update access permissions to ensure that employees only have access to the data and systems necessary for their roles and responsibilities.
3. Lack of Employee Awareness: Youngblood said, “[you want to] set someone up for success from day one – that includes keeping them in the know about cyber security awareness.” Continuously educate employees about the importance of data security. Foster a culture where security is everyone’s responsibility, not just IT’s or yours.

Leveraging your data security in your marketing strategy

Beyond protecting your business, data security can be a powerful component of your marketing strategy. Customers are increasingly concerned about the safety of their data, and showcasing your commitment to their privacy can be a competitive advantage:

1. Privacy Policy Transparency: Clearly communicate your data privacy to your customers. Transparency builds trust, and customers are always more likely to engage with businesses that prioritize their privacy.
2. Consumer Education: While it’s important to educate your employees on security best practices, it’s equally as important to spotlight your security measures with customers. Use marketing channels to educate customers about the steps you take to protect their data. This reassures existing customers while also making a strong selling point for potential customers.
3. Highlight Security Features: If your products or services include security features, make sure to highlight them in your marketing material. This can seal the deal for security-conscious customers.

Q&A

If you are running a small business from home, do you have any tips or suggestions for protecting your home connection and any best practices for protecting your router?

GY: There are basic things like firewalls that you can enable at home on your home network. The password thing [updating your password and using two-factor authentication] applies to your own home network. Make sure you have a complex password that you change periodically for your own home network and Wi-Fi. It’s really dependent on how you interact with your business from home – that’s where you leverage the cloud for data.

MM: I agree…I treat it the same way I do at the office. I do monthly patching on all the Wi-Fi access points and switches; I have a firewall that will limit what comes in and out. Some firewalls that you can get out there are simple...they can be very customizable. There are some basics you can do to protect yourself at home and I probably would…there are a lot of open ports; ports are the pathways on the internet, so you can disable lots of different things that you don’t really need.