If you’re a small business owner, you probably spend most of your time focused on growing your business, customer service, and improving your products and services. That’s normal—it’s how most small business owners spend their time. Now, how much time do spend worrying about data security?
If your answer is either “little to none” or “what does that mean?” – you’re not alone. Data security is typically not a top-tier priority for SMBs. Moreover, there’s a good chance that you don’t believe it’s even really necessary.
But the reality, unfortunately, is that 43% of all cyber attacks target small businesses, and 48% of data security breaches are caused by acts of malicious intent.
What Are Cyber Criminals After?
In almost all cases—regardless of whether the target is a large enterprise or your small business—the goal of cyber criminals is to steal personal data to use for credit card scams and/or identity theft. While larger enterprises typically have more data to steal, small businesses tend to have less secure networks, making them much easier to breach.
Worse still, because data security is not something that small businesses typically devote much time or effort towards, many business owners aren’t even aware a theft has occurred until long after the crime has happened.
Understanding Data Security Terminology
If you want to start protecting your business from the threat of data theft, it’s important to know some of the terminology used in the world of data security.
Here are ten of the most important data security-related terms every business owner should know:
1) Adware
Advertising software that may (or may not) monitor your computer use in order to target ads to you. This data is often sold to third parties in order to help them improve their marketing tactics and messaging.
2) Denial of Service
A cyber attack that overwhelms or impairs computer networks, systems, or applications by flooding them with data requests.
3) Encryption
The process of converting regular text – in an email, for example – to unintelligible text using a cryptographic algorithm. The text is converted back to its original form when it is received by the intended recipient.
4) Keylogging
The action of recording (logging) the keys pressed on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Spyware and malware may use keylogging to steal usernames and passwords, among other things.
5) Malware
Refers to malicious software (malware) programs designed to damage or perform other unwanted actions on a computer system. Malware may be used to steal private data, delete data from a user’s computer, or give other people access to a user’s computer without their knowledge.
6) Multi-Factor Authentication (MFA)
Multi-factor authentication – also called MFA – is a form of security authentication that requires a user to present two or more authentication factors in order for the authentication to be complete.
For example, two-factor authentication (2FA) commonly asks users to input their username and password (authentication part one), and then might send them a text message or email with a code or link (authentication part two).
7) Phishing
Phishing refers to attempts by an individual or group to solicit personal information from unsuspecting users by posing as a legitimate organization or a person (or coworker) they already know.
Phishing scams are very common in the workplace and typically take the form of emails, text messages, or social media messages.
8) Ransomware
A type of malicious software, or malware, designed to block access to a computer system until a financial ransom is paid. Ransomware is typically spread through phishing emails or by unknowingly visiting an infected website.
9) Spyware
Software installed onto a computer system to gather information on individuals or organizations without their knowledge.
10) Virus
A computer program used to compromise a computer system by performing actions that may be malicious and/or destructive. Viruses often create copies of themselves and send them to other computers that the host computer has access to.
How To Protect Yourself
It’s an unfortunate reality in this day and age that every business owner needs to have at least a basic awareness of, and plan for, data security.
Your data security plan doesn’t have to be overly complicated or costly, and in most cases taking basic precautions with your business’s data will be sufficient to keep it protected from all but the most determined cyber attackers.
The FCC has a great ten step action plan for small business cybersecurity. Additionally, partnering with a reliable IT services provider can help provide additional security and controls for your business.