You don't have to be United State government to recognize risks of having lax data security practices in place these days. And while larger organizations have robust IT departments, small companies often don't have the luxury of a huge budget.
Fortunately, there are a number of very simple ways in which small businesses can secure their data without burning a ton of cash.
This series on data security and privacy is brought to you by IBM. Find out more about how IBM is creating a Smarter Planet.
Careful With That Thumb Drive
Depending on the type of business, USB thumb drive-toting employees can turn into security risks, either by walking away with critical data or by inadvertently introducing malware to your corporate network.
At the very least, IT departments should install anti-virus software that automatically scans an external storage device as soon as it's plugged in.
For companies with particularly sensitive data (such as law firms or anybody dealing with medical records or government data), it might be worth considering disabling the use of USB thumb drives. There a few ways to do this, at least on Windows.
Use Strong Passwords and Change Them Regularly
This one isn't exactly breaking news, but far too often small business owners and employees are lax with their password security. Many naturally gravitate toward passwords that are easy for them to recall, such as a pet's name or a special date. The easier one's password is to recall, the easier it is to be guessed by somebody else or hacked by a third party. As a general rule, create passwords that are at leat eight characters in length and include a combination of uppercase and lowercase letters, as well as numbers and symbols.
When in doubt, you can use a password strength checker to test passwords.
Between email, collaboration apps, social media accounts and any number of other Web-based tools used by small businesses, there are potentially a dozen or more passwords for one company. While it may be tempting to simplify things by reusing the same password for all these accounts, this is a very bad idea.
As annoying as it probably sounds, routinely (ideally every three months) changing one's passwords is recommended by security experts as a best practice.
Never, Ever Connect to Unsecured WiFi Networks
In a recent survey, 25% of SMB employees admitted to using unsecured WiFi networks to do work. This is a terrible idea. For evidence of how easy it is for others to hijack an HTTP session and capture private data, look no further than Firesheep, a Firefox plugin that lets people do exactly that. Of course, even more sophisticated tools exists that can do even more damage.
Photo by Flickr user CarbonNYC.