Security for Small Business – Security Checklist

As part of an ongoing series, we’re taking a look at security for small business, the tools that are available, and the best practices that keep your business ahead of the curve.

Keeping your business safe and secure shouldn’t have to be challenging; neither should understanding the terms and topics surrounding security and cryptography. Your small business has the same responsibilities as larger organizations to protect and appropriately use customer information. It’s important to ask questions around how these responsibilities should be fulfilled.

Over the past several weeks, we’ve covered four diverse topics that will come up in any conversation around small business and security. Each week covered some tools and tips that could get you started down the road to a stronger business.

These four topics comprise a useful “security checklist” that any business, big or small, can follow to improve the security of their business.

Secure Architecture

Building and maintaining a secure architecture means your business has kept security at the forefront of all its decisions. You have proactively selected tools and integrations that enhance security and privacy. Rather than install third-party analytics tools that harvest and abuse customer data, you’ve taken a stance to only collect the information required to do the task at hand.

The first item on your security checklist should be to audit all of the external integrations in your website or application. Consider the potential ramifications of adding a social sharing button and inviting Facebook to catalog and track your customers. Remove any trackers or remote integrations from your online properties that are not essential in providing service to your customers.
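One way to start that audit, as an added example that is not part of the original series: the script below lists every outside host a page asks a visitor's browser to contact. The sample page, the shop domain example-shop.test and the analytics and widget hosts are constructed for illustration.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes a visitor's browser contact another host.
LOADING_ATTRS = {"script": "src", "iframe": "src", "img": "src", "embed": "src", "link": "href"}
# <link> only fetches for these rel values; rel="canonical" and similar do not.
FETCHING_RELS = {"stylesheet", "preload", "prefetch", "preconnect", "dns-prefetch", "icon"}

# Constructed sample page for a hypothetical shop at example-shop.test.
SAMPLE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="https://partner.example.org/page">
<script src="https://connect.facebook.net/en_US/sdk.js"></script>
<script src="//analytics.example.net/collect.js"></script>
<img src="https://static.example-shop.test/logo.png">
<img src="https://analytics.example.net/pixel.gif?page=home" />
<iframe src="https://widgets.example.com/chat"></iframe>
"""


class IntegrationAudit(HTMLParser):
    def __init__(self, page_url, own_domain):
        super().__init__()
        self.page_url, self.own_domain = page_url, own_domain
        self.third_party = defaultdict(set)  # host -> {(tag, url), ...}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(LOADING_ATTRS.get(tag, ""))
        rels = set((attrs.get("rel") or "").lower().split())
        if not url or (tag == "link" and not rels & FETCHING_RELS):
            return
        # urljoin resolves relative and protocol-relative (//host/path) references.
        absolute = urljoin(self.page_url, url)
        host = urlsplit(absolute).hostname
        # Subdomains of the business's own domain count as first-party.
        if host and host != self.own_domain and not host.endswith("." + self.own_domain):
            self.third_party[host].add((tag, absolute))


def audit(html, page_url, own_domain):
    parser = IntegrationAudit(page_url, own_domain)
    parser.feed(html)
    return {host: sorted(hits) for host, hits in sorted(parser.third_party.items())}


if __name__ == "__main__":
    print(audit(SAMPLE_HTML, "https://www.example-shop.test/", "example-shop.test"))
```

This only sees integrations written into the page's HTML; anything a third-party script loads after it runs will not appear, so treat each listed host as a starting point for review.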

Application Integrity

At its core, your business’ success is tightly coupled to the accuracy and long-term consistency of the data it uses to make decisions. This includes customer profiles, industry trends, and management strategies for marrying products to felt needs in the market. While in-house decision makers need to trust their data, your customers also need to be able to trust any data they house within your walls.

The second item on your security checklist is to ensure that any data in use will remain available even in the face of catastrophic failure or disaster. How will you restore your customer database if the hosting company goes out of business? If someone steals your computer, where can you fetch a backup? Take some time, at a minimum, to ensure the computers and systems you use every day are properly backed up so your most critical data is restorable in the event of an emergency.

Critical Crypto

Even though cryptographers and mathematicians use complex terms and theories to explain their systems, there is no reason your small business should shy away from cryptography. The tools in this particular field help to ensure data stays protected from malicious actors and leverage “hard math” to verify the consistency and reliability of remote data your team depends upon. Specifically, SSL certificates ensure both that your customers can trust you are who you say you are and that no one else can eavesdrop on your business transactions.

The third item on your security checklist is to install and configure an SSL certificate on your website. This certificate will verify your identity to anyone accessing the page while also encrypting both the data you send them and any data they send you. This critical element of web crypto has the side benefit of improving your website’s standing in search results. There is no reason not to implement SSL and every reason to take this step.

Regulatory Compliance

Legal requirements for any business can be complex and confusing -- the regulations around data privacy and security are no different. Three acronyms around regulations circulating in the business world today are PCI, HIPAA, and GDPR. All three have deep ramifications with respect to both proper implementation and the penalties related to non-compliance.

The fourth item on your security checklist is to evaluate which, if any, of these regulations apply to your small business. Once you know the shape of the landscape, you can leverage publicly available tools and documentation to ensure your enterprise is in full compliance with the relevant rules and restrictions.

One Thing Right Now …

The danger with any checklist is that the mere enumeration of steps implies comprehensiveness. There is no “one true list” when it comes to creating or guaranteeing security for your small business. The steps listed above are meant to be a jumping-off point for a deeper conversation around security best practices within your organization.

In short, the one thing you can do right now to move towards a stable, secure business is to commit. Commit to understanding security and privacy. Commit to implementing the tools and technologies required to keep both your business’ and your customers’ data and privacy safe.

Top image credit: User Alan, Creative Commons