Business technology solutions are extremely beneficial, especially to small businesses. They can help organizations and their employees get more done by streamlining their workflows and providing user-friendly features. In the same breath, they can automate some elements of business making day-to-day operations easier for small teams and even help revenue growth.
Whether you’re ready to invest in a tech provider or are still perusing the market, there are some cybersecurity-related questions you need to ask before doing business with them. Here are six:
1. Do You Have a Data Breach Prevention Strategy?
Data breaches are increasingly common in today’s world and the businesses that handle your data should have steps in place to prevent them. A TechCrunch journalist conducted an independent study of data breach notices sent to Californians and found about one-third of the 285 total messages featured this famous one-liner: “We take your privacy and security seriously.”
That statement sounds good on paper but doesn’t hold up if companies can’t back it up with actionable steps they’ve taken to keep your business and customer data safe.
While in discussions with business tech providers, ask them about some of the specific things they do to prevent data breaches from happening. Then, you should be able to make a more informed choice about whether to entrust the company with your data to use its product.
2. Does Your Tool/Platform Offer Two-Factor Authentication?
Two-factor authentication (2FA) is an identity verification process that requires a person to enter a password along with something delivered to them in real time, such as a code or one-time login token they received via text or email. This additional layer of security means if hackers obtain log in information through a brute-force attack, phish or other means, they still need another element to login to an account.
Outside of directly asking a technology provider if their platform or tool has 2FA, you can browse an ongoing list of companies and services that offer it. If the company does not have a 2FA implemented yet, feel free to press them by inquiring whether it’s in the works and, if so, when they plan to roll it out to customers.
3. Are You GDPR-Compliant?
The General Data Protection Regulation (GDPR) came into effect in May 2018 and it applies to all companies that conduct business or engage with customers in the European Union. At first, you may not see the link between GDPR compliance and cybersecurity, but it exists.
For example, a GDPR-compliant company should take cybersecurity into account by having integrated network access endpoints and going beyond standard firewall protection to encrypt unstructured data. Some of the companies that are most committed to GDPR compliance have relevant statements on their websites.
4. What Kind of Access Controls Are in Place for Service Provider Employees Who Handle My Data?
A 2018 study from Shred-it found employee negligence to be the primary cause of data breaches. It warned human error and accidental data losses could also negatively impact corporate reputations. You may not receive details about the various things a technology provider does — or should do — to make employee blunders less likely to cause damage. However, you can at least ask whether the company uses tight and appropriate access controls that ensure only the employees who genuinely need to view or work with your data can see it.
In the best-case scenario, an employee only has the access they need to carry out assigned tasks. However, some companies decide it’s easier to give far-reaching access to workers who don’t require it. This means the likelihood of your data being compromised increases. When a company monitors access controls and adjusts them accordingly, the chances of malicious actions from a disgruntled employee affecting your data also decrease. Look for organizations that specify that no employee gets unwarranted data access.
5. What is Your Software Update Policy?
Old software can put systems and networks at risk for cyberattacks, especially once hackers learn to exploit known vulnerabilities. It’s more common than you might think companies to continue using outdated software. A small study found that 89 percent of businesses still use legacy applications to maintain access to archived information.
However, there are other reasons for not keeping software updated, including a lack of awareness of newer versions or not receiving internal prompts that tell users to update. That’s why it’s a good idea to ask the companies that may provide your next tech solutions if they automatically update their software solutions for you as required.
Some updates occur automatically via the cloud, or you can schedule them to happen outside of business hours. Then, your software stays current and well-protected from cyberthreats without you needing to remember.
6. Do You Have Filters or Similar Features That Protect My Users from Cyberthreats?
Some of the brands offering technology options for business have built-in protection that stops things like malware and phishing messages from reaching the people who use the respective tools. For example, some companies are capable of deploying smart technology that blocks suspicious or dangerous emails before they reach users. Other companies have built-in virus scanners that check attachments before recipients open them.
If you have administrative access to a company’s tech tool, be sure to ask for a rundown on the steps you can take to manage any such integrated features at an individual account level or across an entire team to best meet the needs of your enterprise.
Make Cybersecurity a Top-of-Mind Concern
Cybersecurity should remain at the forefront of your conversation with sales representatives or other people associated with business technology solutions you may purchase. After all, the most pioneering and time-saving features don’t seem so outstanding if it turns out the provider does not make cybersecurity a priority.
You can use the questions above as staring points to shape any of your discussions with vendors about their products. Moreover, don’t be afraid to bring up such queries throughout your business relationship, rather than only at the beginning.
Kayla Matthews is a productivity and technology journalist with interests in big data, cybersecurity, IoT and other technologies. Aside from her tech blog, Productivity Bytes, you can read more of her work on CloudTweaks, Malwarebytes and IT Security Guru.