Big hacks and security breaches are always in the news these days, often affecting big high-profile enterprises and government agencies. As you think about the hacks of large businesses, don’t assume the data of your small business is any safer than that of a large enterprise. While the numbers are not as big, the risks are still great, and you need to be prepared.

When you hear about a widespread data breach, find out if you or your employees may have had data caught up in the attack, including company credit cards, bank account information or personnel data. See if the hackers used any previously unknown vulnerabilities in security software that you may use.

When your data is in a big breach

Recent data breaches have struck big companies like payroll processors that hold employee records, as well as various cloud-based services that store all kinds of data for individual people and businesses. If your business has data stored with such a service that gets hacked, pay careful attention to reports from the affected company about what data was compromised and determine if you need to notify your employees, customers or suppliers. Consider consulting an attorney if you’re not sure of your legal obligations.

Another breach possibility may be that a corporate or employee credit card or other banking information is compromised when a company you make purchases from becomes a target. Talk to your financial institution about the risks involved. Make sure to pay careful attention to your statements and look for any unauthorized charges. If this occurs, you are well advised to close the affected accounts and open new replacement accounts.

Security risks from multi-company hacks

In some cases, a well-known cybersecurity incident might not be limited to one specific company, particularly if it involves an attack using vulnerabilities in software that can be exploited in an automated way. If this happens, viruses and other malware may exploit those security holes to attack lots of different targets, steal data, hold data for ransom or simply wreak havoc.

To reduce the risk of being part of multi-company attacks like these, make sure to update the software that runs on your computers and other devices, including operating systems and other application software such as web browsers. Lots of software will update itself if it’s set to do so, which can be a good idea for regular maintenance and protection.

Firewall software or hardware, which limits the connections to and from your computers to reduce the risk of unauthorized activity, can also help limit the risk of hacker and malware attacks.

If you don’t feel you have the expertise to set up data security systems for your business network and computers, contact an expert on data security for small businesses to determine what your company needs. You may be able to find such an expert locally or nationally or work with your internet service provider for help.

General security practices for small businesses

Consider the following when establishing or improving security practices for your business:

• Have a plan in place in case there is any kind of cybersecurity breach or other issue involving your business. Determine whether you’re going to call in particular experts and how to reach them, and who should make decisions about whether to notify customers or employees of a particular breach. Consider consulting an attorney or other expert to make sure your decisions comply with the law where you are.
• Take the steps to be ready, starting with the right security software. From there, make sure everyone in your business has a good awareness of password security protocols, such as not reusing passwords from one site to another, in case one is hacked.
• Make sure your employees are aware of the risks of phishing attacks, where they may receive scam messages through email or other channels impersonating someone and trying to get access to corporate data. If an email seems suspicious, it’s a good idea to delete it and definitely avoid opening any attachments that come with it, in case they contain malware. If it’s unclear whether an email is genuine, verify any requests it contains, such as if it asks you to send confidential information or download particular software that could infect your network.
• Make sure to keep the software installed on your business devices updated, instruct your employees in good data protection practices and use firewall and antivirus software to keep malicious people and malware out of your network.