Share this Article:
Share Article on Facebook Share Article on Linked In Share Article on Twitter

By James Pruitt, Senior Staff Writer

No company is a fortress, least of all small businesses. However, threats from outside are very real. Outside hackers as well as internal saboteurs can ruin a company. As the Internet comes of age, the good business practice requires that business people grow in sophistication just as the motley crew of potential scammers does the same.

1) Relationships with Employees

Creating a culture of security can save a business. One data breach can ruin a company. Access to a company’s online records merits careful consideration.

On an ongoing basis, workers should receive education about the dangers of online interlopers. Not every computer operator may understand even basic security concepts, such as the dangers of opening attachments. Periodic security courses can refresh employees’ knowledge regarding outside scammers, and the education can even benefit the employee in the long term.

At the very least, measures should be taken to ensure the separation of online life between work and home.  The use of workplace confidential information on unsecured home devices could make easy marks for scammers hungry for confidential information they can sell online.

Assuming the employee has an email account, the employee should know the basics of online scams such as “phishing,” fake online antivirus scams, and any of a host of more insidious schemes that may install malware or spyware onto company computers. Here is a link to some of the most common scams:

Additionally, former employees commonly defraud small businesses with the information they carry off from the worksite. Employers should be as realistic about their own needs as they are about their relationship with their workers. As employees leave the team, their logins should be deleted immediately. Password management software may help with this process. Applications such as Dashlane or Lastpass may prove invaluable in managing IT aspects of any sort of offboarding.

In any case, good business practice demands (1) careful education of employees regarding good security practices, and (2) consideration of the terms of employee separation.  

2) Consider Industry Standards: Different Industries may have Different Forms of Sensitive Information

Some businesses may handle specialized information subject to unique legal requirements. For example, medical records may constitute PHI (Personal Health Information). In such cases, contracting businesses need to adopt practices under HIPAA (the Health Insurance Portability and Accountability Act) to ensure compliance. These practices may include seemingly extreme measures including computer privacy screens, injunctions against in-office cell phones, and measures to keep medical records out of the open air. Such measures may seem silly but are important for small businesses contracting with medical organizations that handle protected health information (PHI). Violations of HIPAA may range from medical ridicule to identity theft. These violations may also result in any range of consequences from jail time to monetary fines.

Other similar privacy laws may include the Family Educational and Privacy Act (FERPA). Many smaller businesses handle confidential information under FERPA and HIPAA. Protection of such information is crucial and may require special training under each statute.

3) The “Right” Security Expertise

Many companies now outsource their information technology needs. As these companies become more affordable, Veteran Business Owners should research IT services that best fit their niche. Many independent companies specialize. For example, legal, medical, and educational IT companies may provide the right expertise for various relevant companies. The expertise of such companies may provide crucial expertise for the unique logistical and legal demands of smaller companies handling sensitive online information.

Finding the right security software can present another problem. The tricky landscape of online security can daunt the most discerning business managers. Some online security applications are outright scams. Others may not quite provide the necessary airtight protection against the most skillful breaches. Many small businesses find larger, established companies such as Norton satisfactory. Others choose to do their own research.

The Bottom Line

In sum, honesty and common sense should prevail in the management of company information. The most sensitive information may include private customer information, gatekeeping data such as passwords, and internal proprietary information hidden within company records. In fact, the standard should be airtight security whenever possible, rather than mere due diligence.

VAMBOA, the Veterans and Military Business Owners Association hope that this article has not only been valuable but provided some unique perspective.  We work hard to bring you important, positive, helpful, and timely information and are the “go-to” online venue for Veteran and Military Business Owners.  VAMBOA is a non-profit trade association.   We do not charge members any dues or fees and members can also use our seal on their collateral and website.   If you are not yet a member, you can register here:

We also invite you to check us out on social media too.



Do not forget that VAMBOA members receive significant discounts on technology needs.   Check them out here: