Some experts call it an epidemic, with small merchants as the easiest targets. Business owners tend to think data security problems mostly involve hackers indiscriminately targeting different businesses. That’s only part of it. Disgruntled vendors can steal data to hurt a business that dumped them. Ex-employees can steal data to sell it for profit, and thieves sometimes make off with desktop computers, laptops, and mobile devices. The National Small Business Association says 44% of small businesses have been victimized by some kind of cybercrime. Those crimes cost an average of nearly $9,000. Part of the cost is notifying customers that data theft might compromise their personal information. Nearly every state requires businesses to tell customers of lost or stolen personal data.
That cost can pale in comparison to other damage a data breach can inflict. Customers might stop shopping at a small business that’s been hit, or post bad reviews on social media. Your reputation can plummet.
Preventing Attacks. Business owners or employees often use company computers to access sites and networks that can secretly infect those computers with viruses and malware. Many businesses simply don’t keep anti-virus software current because it’s too much trouble. Here are seven important steps you can take to prevent problems:
Keep machines clean: Your computers should be equipped with the latest security software, web browsers, and operating systems. This is the best defense against viruses, malware, and other online threats that constantly change. Install key software updates as soon as they are available and set antivirus software to run a scan after each update. Be aware: operating systems (and other software) often download updates automatically
Secure your Wi-Fi networks: If you have a Wi-Fi network, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name (the Service Set Identifier, SSID). Password protects access to the router and zealously guards the password. If you offer Wi-Fi access to patrons (as in a coffee shop), use a separate Wi-Fi network for your critical systems.
Provide firewall security: Firewall software prevents outsiders from accessing data on a private network. Make sure your operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are protected by a firewall as well. Remember that not all firewalls are created equal. Research ratings to choose the one you will use.
Control physical access to your computers and create user accounts for each person: Prevent access by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost; lock them up when unattended. Make sure a separate user account is created for each employee. Administrative privileges should only be given to trusted IT staff and key personnel. Install password systems that are not easily circumvented.
Protect payment card systems and information: Work with banks or card processors to ensure that only trusted and validated tools and anti-fraud services are used. You may have certain security obligations under agreements with your bank or processor, so make sure you know your liabilities. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
Limit authority to install software and access information: Don’t provide any single employee (other than your chief IT person) with access to all data systems. Employees should only be given access to the specific data systems they use in their jobs, and should not be able to install software without permission.
Get tough on passwords: Require employees to use strong passwords (at a minimum, 8 characters with at least one capital and one number) and change them every three to six months (you can install software that will force the password change). Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. For example, after entering a password, the computer asks for a factoid like their mother’s maiden name.
We thank BizBest® Media Corp for some of the above information. Read more of Daniel Kehrer’s tips at www.BizBest.com, follow him at www.twitter.com/140Main, and connect on LinkedIn at www.linkedin.com/in/danielkehrer.