6 Best Practices SMBs should Adopt to Protect their Data



Small and midsize businesses have emerged as a popular target for cyber criminals. Here are six best practices SMBs should adopt to bolster their data protection efforts.


1. Make data protection the top priority for your security program.

Valuable customer or business data is the ultimate target of the vast majority of cyber attacks, so prioritize data protection first and foremost. Data breaches are inevitable but losing your sensitive data is not.

2. Identify your critical IT assets and sensitive data.

Identify which IT assets within your business are the most valuable and what type of sensitive data they hold – this will provide the visibility and control capabilities needed to prevent attackers from accessing and stealing your sensitive data.

3. Protect those data assets.

Once sensitive data is identified, label it. Classifying sensitive data with digital labels such as “internal only” or “confidential” will help with tracking sensitive information that will be targeted by attackers. In addition, have complete visibility over who is accessing data and how it’s being used and shared, both internally and externally.

4. Improve security education for employees.

Add data protection policies to manuals and employment agreements, and train employees regarding the use of confidential data. Also be sure to perform regular security educational training and invite your contractors, vendors and partners to participate. Include examples of social engineering techniques and common attack methods so your employees will be aware of the threats currently targeting them.

5. Know that “compliance” isn’t enough.

Although many industries have basic compliance requirements, like HIPAA, PCI and Sarbanes-Oxley, these compliance standards are just the beginning to securely protecting your sensitive data. They’re a good foundation, but more must be done to keep business-critical data – beyond credit card numbers and social security numbers – safe.

6. Be prepared if your data is stolen.

Even the most security conscious organizations in the world get attacked and lose sensitive data. Accept that it could happen and have an incident response plan at the ready.

Mark Stevens

The Quick Guide to Data Protection Managed Security Services for Midsize Businesses

Use this eBook to learn how to effectively outsource security for your midsize business.

Download now

Related Articles
DBIR: Attackers Want To Steal Your Manufacturing Secrets

The threats of intellectual property theft and industrial espionage weigh heavily on manufacturers, according to this year’s Data Breach Investigations Report from Verizon.

Left of Boom: The Importance of Protecting Critical Data

Identifying your ‘crown jewels’ is a key step in modern risk management. It’s also much easier said than done.

Friday Five: 4/12 Edition

A once defunct hacking forum returns, the New York Times on privacy, and spyware apps - catch up on the week's infosec news with this roundup!

Mark Stevens

Mark Stevens is senior vice president, global services at Digital Guardian, responsible for driving customer success across professional services, managed services, and support and training.

Please post your comments here