Just because your small business isn’t in the crosshairs doesn’t mean it’s not a target. This is the 21st century, the digital age. Today’s bandits don’t ride horses or rob stagecoaches at gunpoint; they hack websites and steal personal information. Credit card numbers, social security numbers, birthdays, passwords, and other sensitive data may be at risk. How protected do you feel against today’s threats? What concrete steps have you taken to shore up your defenses? Here are some tips to help you, courtesy of business cybersecurity services professionals.
It should go without saying that viruses, spyware, and other malicious programs are a threat to your business’ online security. It should go without saying, but let’s say it anyway, just to be sure! Every computer in your business should have a reputable anti-malware program installed, and preferably more than one. Norton antivirus is a possibility, as are the free programs Malwarebytes, Adaware, and Spybot Search and Destroy.
Make sure to update these programs regularly! You might even want to consider setting them to accept updates automatically. Anti-malware programs are only as good as the last update, so it’s essential to keep on top of that.
Be sure to use a secure firewall and encrypt your information. If you have Wi-Fi, keep it safe and hidden. You might consider setting up your router so it doesn’t broadcast the name of the network, or Service Set Identifier (SSID). You’ll want to password-protect your Wi-Fi network.
Your company will need to institute multi-factor authentication for employees. That means they will need to use not only a password but also a code sent to their phone or email for logins from new devices. You’ll also want to check with vendors that handle sensitive information, such as financial institutions, to find out what their security policies and best practices are on this matter.
Make sure your employees aren’t using names, birthdays, or other personal information as passwords, and make sure the password isn’t something ridiculously easy, like “password.” It should be something hard to guess, with a mix of capital and lowercase letters, numbers, and special characters. You wouldn’t think so, but really, weak passwords are one of the significant factors involved in hacking incidents.
Your business should regularly back up vital data on its computers, including financial spreadsheets, HR files, databases, and so on. Store the copied data in the cloud or offsite.
Make Policies Clear
Your company should have a prominent policy on how to handle sensitive information such as credit card numbers. Make sure the employees know the system and the consequences for not following it. Also, be sure that when they post on social media or any other public venue, they’re not leaking any information vital to your enterprise. Businesses are run on trust and are only as good as their reputation.
Some mention has been made of this already, but do be sure that you’re using best practices when handling your customers’ credit card information. Work with banks and credit card companies to make sure you’re using trusted and high-quality fraud deterrence services and other tools. Make sure you are meeting all your security obligations, including managing the transition from magnetic stripe processing to chip processing.
Your business will naturally need to restrict access to any computer terminal with sensitive data to authorized users. Make sure that all unattended laptops are kept under lock and key. Make sure that each employee has a separate user account, and that administrative privileges are only given to key personnel.