Introduction

<p> Many small businesses have lax information security, or worse, no security at all. Cybercriminals know that, and as a result have been targeting small businesses with increasing frequency.</p> <p> Rigged emails sent to small companies download malware designed to steal financial documents or hijack online banking sessions &mdash; and <a href="http://www.securitynewsdaily.com/765-when-online-accounts-are-robbed-should-banks-pay.html">banks won&#39;t always cover the losses</a>.</p> <p> Gangs drive around cities, <a href="http://www.securitynewsdaily.com/1073-war-driving-seattle-cybergang.html">sniffing for insecure Wi-Fi networks</a>. Employees put company files on unprotected home machines.</p> <p> Despite these examples, many small-business owners <a href="http://www.securitynewsdaily.com/217-small-businesses-dont-see-themselves-as-cybercrime-targets.html">don&#39;t see themselves as likely cybercrime targets</a>, and don&#39;t see the need to spend on information security.</p> <p> To avoid becoming the next victim, here are 12 tips to help you, the small-business owner, beef up your cybersecurity.</p>

Implement user-education and compliance programs

<p>It doesn&#39;t matter if you have 100 people at your company or 15 &mdash; you need to have a rotating <a href="http://www.securitynewsdaily.com/159-data-diet-can-create-digital-safety-awareness-at-universities.html">security education program</a>, said Tim Armstrong, Boston-based malware researcher at Kaspersky Labs.</p><p>Even if you&#39;re revisiting the same information, you need to hold sessions on a regular basis.</p>

Purge data from printers and copiers regularly

<p>Most <a href="http://printers.toptenreviews.com/all-in-one/?cmpid=ttr-snd" target="_blank">all-in-one models</a> store copies of everything you copy and print on their hard drives &mdash; indefinitely.</p><p>If you lease your machine, or if you purchased it outright and plan to sell it at some point, you have to learn how to purge it of sensitive information, Armstrong said.</p>

Stay away from public Wi-Fi networks

<p>Employees should not use <a href="http://www.securitynewsdaily.com/90-public-wi-fi-can-be-hacked-in-5-seconds.html">open Wi-Fi networks</a> at airports, hotels, coffee shops, cybercafes or any other public place to connect to your company network.</p> <p> Cybercriminals can use unsecured wireless connections to gain access to your employees&#39; devices &mdash; and thus all the data on your company network, as well as corporate documents stored on their devices.</p>

Ensure that employees put PIN (personal identification number) locks on all their mobile devices

<p>You&#39;re probably not going to enforce a ban on employees putting your company&#39;s <a href="http://www.securitynewsdaily.com/1435-bring-device-work-security-risks.html">sensitive data on their mobile devices</a>. But you can require that they protect that data.</p> <p> &quot;The biggest threat to a mobile device is leaving it behind or losing it,&quot; Armstrong said. &quot;Encryption can make a lost device worthless to an attacker.&quot;</p>

Have a separate computer network strictly for your human resources department

<p> &quot;There really should be some sort of separation with HR because people who work in HR get PDFs all day, every day, which they have to open,&quot; Armstrong says. &quot;A PDF can be a pretty successful vector for malware.</p> <p> &quot;HR is a unique environment in that [HR staff] have a lot of access to external people; they&#39;re opening a lot of attachments; and they have a lot of exposure to protected employee data within the organization,&quot; Armstrong said. &quot;So <a href="http://www.securitynewsdaily.com/340-resume-malware-targets-hiring-departments.html">HR makes a great target for an attacker</a>. That&#39;s why it&#39;s a good idea for HR to have some sort of separate environment that&#39;s just used to look at new employee resumes or documents.&quot;</p>

Have data loss prevention (DLP) software in place

<p>Company secrets <a href="http://www.securitynewsdaily.com/225-small-businesses-need-to-practice-safe-tech-habits.html">get leaked all the time</a> &mdash; through chat, email, etc.</p><p>That&#39;s why you should implement DLP software to detect and prevent your company data from being sent to people outside the company.</p> <p> &quot;You should install software that looks at the chat logs, anything external or any traffic going in and out of [the] organization, outside of the regular network traffic and the regular websites employees are visiting,&quot; Armstrong said. &quot;DLP will look at chat, Web and email traffic in one complete package.&quot;</p>

Keep anti-virus and anti-spyware software up-to-date

<p>Be sure you have the latest versions of your anti-virus and anti-spyware installed, Armstrong said.</p><p>If not, you could be inviting the bad guys to <a href="http://www.securitynewsdaily.com/518-how-to-make-sure-online-banking-safe.html">hack into your systems</a> and steal your company data.</p>

Emphasize clear security policies

<p>All the people in the organization must know their roles and responsibilities, <a href="http://www.securitynewsdaily.com/460-private-smartphones-tablets-threaten-office-networks.html">be committed to security</a> and understand as much about it as they can, said Hord Tipton, executive director for the International Information Systems Security Certification Consortium, aka (ISC)2, the largest not-for-profit membership body of certified information security professionals worldwide.</p>

Be sure your employees are complying with your security policies

<p>Make employees aware that there are consequences for not following those policies, for example by <a href="http://www.securitynewsdaily.com/517-corporate-data-security-lax-getting-worse.html">putting sensitive data on a laptop</a> that&#39;s not encrypted.</p>

Keep it simple; don&#39;t go for complex security solutions

<p><a href="http://internet-security-suite-review.toptenreviews.com/small-business-internet-security/?cmpid=ttr-snd" target="_blank">Simple security</a> always winds up being the best security, and it&#39;s cheaper and easier to maintain for small businesses, said Tipton, the former chief information officer of the U.S. Department of the Interior.</p>

Go for the top-down approach

<p>Small businesses almost always start building their security programs around <a href="http://www.securitynewsdaily.com/630-sony-admits-to-massive-playstation-network-data-breach.html">one-off incidents</a>. They address problems as they come up or as they read articles about them, Tipton said.</p> <p> &quot;They don&#39;t put the top-down approach to it,&quot; Tipton said. &quot;By the time they get to do that, it&#39;s kind of too late because they&#39;ve already bought all these independent silo-type solutions and their policies aren&#39;t connected. If I were to start a company, I wouldn&#39;t want to build it with silos or piece solutions together.&quot;</p>

Be sure to back up your data

<p> &quot;Companies that don&#39;t have <a href="http://data-backup-software-review.toptenreviews.com/?cmpid=ttr-snd" target="_blank">backups</a> and contingency plans in today&#39;s world&mdash;their gooses will be cooked sooner or later,&quot; Tipton said.</p>

12 Security Tips for Small Businesses