Cybersecurity for Small to Mid-Size Businesses

News of massive leaks of sensitive personal information is becoming all too common. Only months ago, Target announced that upwards of 70-110 million people who swiped their cards at the giant retailer had their information stolen, including names, phone numbers and credit card numbers.

In March, the data breach epidemic hit closer to home when the University of Maryland at College Park revealed that hackers had accessed private information—including social security numbers—of 310,000 students, staff, and faculty. This remains an active investigation for the FBI, among other state agencies.

So, the question remains: is there anything small to mid-size businesses, businesses without huge data security budgets, can do to prevent data theft? Actually, there is a lot a small business can do. In addition to maintaining strong firewalls and up-to-date anti-malware programs, the Federal Communications Commission's resources are a good place to start. Not only does the FCC have programs to help small businesses construct cybersecurity plans for their specific needs, it also regularly updates its tips to reflect current challenges and concerns in data security.

While many businesses already follow some of the FCC's guidelines, some of its suggestions highlight areas where many businesses are weak, such as mobile phone platforms, roaming databases, password modification and the limits of personal authority for software installation.

“Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks,” observed the FCC.

Here are three points from a list of ten things the FCC believes small businesses could be doing better:

  • Create a mobile device action plan: Many employees can and do access their company’s databases from their smartphones. There need to be extra security measures on such devices for when, not if, a phone is misplaced or stolen.
  • Limit employee access to data and information, and limit authority to install software: Employees are not as knowledgeable as they should be about which programs have the potential to exploit their systems. The ability to install new software on company computers should be limited.
  • Reset passwords and authentication: Passwords or other authentication methods should be reset every three months, and there should be email alerts to ensure this is done.


View the FCC tips and guidelines here:
