It’s called cyber security, Internet security, data theft or a variety of other names. But whatever you call it, the problem is growing for small businesses of all kinds. From t-shirt makers, medical offices and wine shops, to sporting goods stores, dog kennels and non-profits, small businesses are falling victim to data theft and other types of “cybercrimes” at a high rate.
Some experts are even calling cybercrime an epidemic, with small merchants as the easiest targets.
Business owners tend to think of computer or data security as a problem that mostly involves hackers who indiscriminately target different businesses. But that’s only one part of it. Disgruntled vendors have been known to steal data in order to hurt a business that dumped them. Ex-employees sometimes steal data to turn a profit, and of course thieves sometimes make off with desktop computers, laptops and mobile devices.
According to the National Small Business Association, 44 percent of small businesses say they’ve been victimized by a cybercrime of some kind at least once. And the cost of those crimes averaged nearly $9,000 each to rectify. Part of the cost is notifying customers of a data theft that might compromise their personal credit or other information. Nearly every state now requires businesses to tell customers if personal data has been lost or stolen.
But that cost can pale in comparison to the other damage a data breach can inflict. When a small business has been hit, customers can stop shopping there, or post bad reviews on social media. Your reputation can take a big hit.
One problem is that some business owners or employees use company computers to access sites and networks that can secretly infect the computers with viruses and malware. Other businesses simply don’t keep anti-virus software current because it’s too much trouble.
Here are seven of the most important things you can do to prevent problems:
- Keep clean machines: Your computers should be equipped with the latest security software, web browsers and operating systems. This simple step is the best defense against viruses, malware and other online threats that are constantly changing. Install key software updates as soon as they are available and set antivirus software to run a scan after each update.
- Secure your Wi-Fi networks: If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
- Provide firewall security for your Internet connection: A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure your operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home systems are protected by a firewall as well.
- Control physical access to your computers and create user accounts for each person: Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee. Administrative privileges should only be given to trusted IT staff and key personnel.
- Protect payment card systems and information: Work with banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may have certain security obligations under agreements with your bank or processor, so make sure you know your liabilities. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
- Limit authority to install software and access information: Don’t provide any single employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install software without permission.
- Get tough on passwords: Require employees to use strong passwords and change them every three to six months. Consider implementing multi-factor authentication that requires additional information beyond a password to gain entry.
Copyright © 2000-2014 BizBest® Media Corp. All Rights Reserved.