10 SMB Security Threats to Avoid

April 28, 2015


You probably don’t leave your purse or wallet out on your desk in plain sight during lunch in a restaurant, or leave your car running with the keys in the ignition when dropping off a package to ship. After all, you don’t want to make it easy for someone to steal your money or possessions.

That’s also the right approach for protecting your small business. You don’t want an employee to access your confidential financial or customer information or allow an outsider to break into your system. Here are ten common holes in security and how to guard against them:

1. Insecure passwords. Require employees to use hard-to-break passwords, such as combinations of letters, symbols, and characters, rather than a birthdate or the name of a spouse or pet, and to keep them secure. Make it a policy to change passwords every few months, and don’t give your own password to an employee unless it’s a personal or business emergency. If that does end up happening, reset it as soon as you’re able. Also, don’t reuse passwords across different uses; make sure your business password is different from the ones you use in your personal life.

2. Failing to guard against, or falling for, phishing scams. Make it difficult for criminals to gain access to your data. One way to do this is by installing security and anti-virus software with settings that alert you to suspicious activity on your computer. Be sure you instruct your employees not to click on any email or social media messages that seem suspicious. If in doubt, bring in a security expert or replace a contaminated computer until it can be “scrubbed” clean.

3. Releasing sensitive information. Train your employees on safe social media practices. Be sure that they don’t reveal any trade secrets or personal information about your customers. On the other hand, writing a blog about a business milestone or posting photos of a company picnic is just fine. Instructing them on the right type of content to post will help minimize your risk in this area.

4. Leaving your network open. Secure your Wi-Fi network. Use a strong password to be sure that someone driving past your building can’t log in to your system. It’s usually a good idea to limit guest access to your system. If you have a high volume of customer traffic, you might consider setting up a separate Wi-Fi network, even though it will increase your overhead costs.

5. Not storing credit card information appropriately. Guard against credit card theft. Be sure your eCommerce platform meets the Payment Card Industry (PCI) data security standard. Meeting that standard helps protect against intruders who want to steal credit card information and ensures your financial transactions are encrypted before they are transmitted over the Internet. If you take physical payments, upgrade to a chip card reader to increase the security of your in-person credit card transactions.

6. Sharing too much information internally. Limit employees’ access to financial, banking and other confidential information. In addition to using passwords, you can configure your network so that permissions are needed for accessing certain types of data. For instance, your business manager would be able to get into bank accounts in order to pay bills or update the records, but a sales manager would be denied entry.

7. Giving new users free rein with permissions. Set an appropriate permission level for your systems after hiring a new employee. Setting up a network account for a new user is usually a simple process, but don’t forget to give them only the permissions they need. Remember that you can always give a newcomer a higher level of access as their job-related responsibilities increase. ShipStation also offers the ability to control access by choosing permissions at the user level.

8. Ignoring software updates. This applies to your mobile devices as well as your computer. In many cases, these updates are designed to enhance security or protect against recent threats. Usually you can configure your applications to download and install these updates automatically.

9. Not having backups. Keep your confidential data backed up in a separate and secure location. If an intruder gains access to your network and “locks up” your computer, steals your financial records, or tampers with your customer files, you can still keep your business running by downloading that backup data to another device or computer system.

10. Keeping backups secure. Keep confidential data housed in the cloud or on the office network. Don’t allow employees to download and store sensitive information on their smartphones, tablets, or laptops. Otherwise, the loss or theft of a mobile device could compromise the security of your business. Let your employees log in and access the information they need to do their jobs, but keep the database and account information in a secure location. Additionally, don’t write down any confidential information on paper. If you must, keep it in a locked file cabinet or safe.


Today, security needs to be a high priority for every business, large or small. Taking appropriate precautions can keep your company on the right path and allow you to sleep better at night.