NCSS small.png



Every day in the news, we hear about data breaches. Are you concerned

your sensitive business, customer and supplier data is not protected?




All data needs someone in your organization to determine how valuable the data is that you want to protect. In the

cybersecurity business, we call that person a data owner.


The data owner could be the inventor who created your secret sauce, your CEO who devised your unique business

strategy, or the customers who depend on your services.


Not all data needs protection. The data owner can be called upon to determine which data to protect, how sensitive

it is, who can access it and use it and the severity/criticality of the data if it is lost or stolen.


It’s easy to say that your payroll data is critical for your business, but what about the age of your equipment and warranty

schedule? It may not be critical now, until you need to replace it or ask the manufacturer to repair it. The business/data

owner can help you decide how “critical” various data elements are that you need to protect.



Data protection can include protecting the data by preventing access to the device (via passwords or other authentication

methods) even while it is stored on a laptop or memory device. Ensure that any critical data stored on removable device

(memory stick, disk, hard drive, laptop, tape) is password protected. These devices and the data that resides on them can

be easily stolen and compromised. If the device is password protected, it will be harder to gain access to the data stored.



Simple cyber safe business practices can help protect your data. Your employees are often your best defense in protecting

your data. They know the ins and outs of your business, when deliveries are made, who the suppliers are, who your critical

customers are, profit and loss data and many more unique business facts. Don’t let that information get leaked, stolen or

posted on social media.



  • Data protection is also about protecting the devices you use to store, manage and track your data. Here are some simple

tips to prevent data loss.

  • Hardware and software inventory life cycle status – do you know if your equipment is still supported by the manufacturer?

Have you downloaded the latest updates? Does the vendor still support the applications you are using for your business?

It is important to know where you stand in your inventory life cycle and whether it might be time to update your hardware

and software.  This is one of most overlooked cyber safe practices that criminals often use to gain access to your data.

  • Conduct regular maintenance and run virus scans, learn how to run a utility system that can diagnose your system for

problems. These utilities can prevent little problems from becoming big problems, and will keep you in business.



Before you make changes to critical data, always make a duplicate. Even if you just made a backup yesterday, make another

and label it. If you or your employees create a backup on a removable drive, have the drive or memory device password




Something you probably never thought of, but what happens if there is a fire at your facility and your only backup was on-site

and was lost in the fire? Keep a copy of your critical data offsite. If you use a managed service provider to store your data and

applications, ensure that they provide you the ability to recover your data if it is compromised at their site. Know what is in the

fine print before you sign the agreement. If they don’t provide a guarantee - find another provider. Another option - one service

provider may not be enough - you might need another provider in another region of the country to ensure your data is backed

up – based upon your needs for recovery.


Did you know…

Here is a set of cyber safe business practices that you can easily implement:

  • Advise employees to routinely save their work, sounds simple, but hours of work could be lost if they don’t think to stop

and save.

  • Never open email attachments by habit or click on links unless it is a secure site and you know where the email


  • Never allow employees to use memory sticks or disks from someone outside the company, unless someone has

scanned it first for viruses.

  • Keep your business operations private and instruct your employees about what can and cannot be posted on social

media. Adversaries can use facts posted on public sites to conduct social engineering scams to trick your employees and

compromise your operations.

  • Advise your employees to keep their passwords safe and secure and use our guide on how to create secure passwords.


Download a PDF of this fact sheet.


Still have questions, need help?

Contact us at our “Ask-an-Expert” service, or visit us at the link below.


©2018 National Cybersecurity Society, All Rights Reserved



Become a member of The National Cybersecurity Society today and learn more about how to protect your business from a

cyber attack.



About The National Cybersecurity Society

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness

and advocacy to small businesses. The NCSS provides cybersecurity education tailored to the needs of the small business

owner; helps small businesses assess their cybersecurity risk; distributes threat information to business owners so that they

will be more knowledgeable about the threats facing their business; and provides advice on the type of services needed to

stay safe online.

Similar Content