By Timothy Zeilman

The New Year brings a fresh start and new opportunities for your business. It’s also the time to make improving data security part of your 2015 resolutions. With cyber attacks and data breaches increasing, it should be a critical part of your business plan.

Think it won’t happen to you? Think again. The Ponemon Institute surveyed small business owners nationwide for HSB and found that 55 percent had experienced a data breach. Almost one-third also had a cyber attack such as a computer virus in the previous year and 72 percent were not able to fully restore their company’s data.

The big attacks at Target, Home Depot, eBay, Sony Pictures and other large corporations get most of the media attention. But data thieves also focus on smaller businesses. Some even prefer them, since so many small businesses have weak data security.

Sometimes hackers will target a smaller business as an entry point or “back door” to infiltrate the computer system of a larger company. As a supplier or service provider, the smaller company has access the hacker can use to bypass the big company’s tougher security.

Most states have breach notification laws that require your business to notify the people affected. That can cost $50 to $100 per record or more, not to mention the damage caused to your business reputation and customer relationships.

What can you do to protect the personal information you keep on customers, employees and others? You should think like a hacker. So we asked some “white hat” hackers to develop a list of tips that can help you strengthen your data security.

  1. Outsource payment processing. Avoid handling credit cards on your own. Reputable vendors can protect your data better than you can.
  2. Separate social media from financial activity. Use a dedicated device for online banking. Use a different device for email and social media.
  3. Think beyond passwords. Never reuse them and don’t trust any website to store them securely. Set up two-factor authentication; this sends a secret code to your phone to verify your identity.
  4. Educate and train employees. Have a written policy about data security, and communicate it to all employees.
  5. Stay informed. Identify where your organization is most at risk. Then, question the security of your business lines, vendors, suppliers and partners.
  6. Encrypt all your data. Also consider encrypting email and avoid using Wi-Fi networks.
  7. Secure your browser. With the growing threat of malicious code installed on trusted websites, focus on keeping your browser up to date with the latest version.
  8. Secure your operating system. It’s far easier to break into older systems like Windows XP or OS X 10.6. Take advantage of security improvements in newer systems.
  9. Secure your router. It connects your computer to the Internet. Set a strong admin password and a WPA2 password on your Wi-Fi.
  10. Secure your data. Always have a backup. Ideally, your backups should be encrypted and stored off-site.

Timothy Zeilman, vice president and counsel for The Hartford Steam Boiler Inspection and Insurance Company, works with other insurance companies, agents and brokers to provide cyber insurance programs for businesses and organizations.