These days, nearly all small business owners rely on technology to run their businesses and stay competitive. And most don’t have a full-time IT staff to help them. That can leave many such businesses open to attacks from hackers and data thieves intent on stealing credit card and other sensitive information.
Think you aren’t vulnerable or that it can’t happen to your business? Think again. Major credit card companies now estimate that 95 percent of data theft they uncover happens at the very smallest businesses that accept credit cards (and thus have customer credit card information; if only briefly). And data theft reports from small businesses have jumped in recent years.
The reason is simple: Hackers find small businesses to be easier targets.
Even a local hair salon, pizza shop or dental office might have names, addresses and credit card data. And with most small businesses now gathering and storing information electronically, the opportunities for data theft have soared.
The problem is tricky because it takes so many different forms. One common hacker tactic is to plant malicious software programs called “malware” on small business computers. These programs, sometimes sent to employees as email links or attachments, can steal information and send it undetected over the web. Point-of-service credit card terminals are an increasingly common target as well.
One good place to go for reliable advice and information is the small business section at OnGuardOnline.gov, a federal government site devoted to helping individuals and businesses fight cybercrime.
The small business page has how-to videos and tutorials about protecting information, creating cybersecurity plans and learning about threats. It also features training materials for employees, free email updates and other resources for small business. Just look for the small business link on the home page.
Meanwhile, here are nine tips to help protect your business:
1. Keep security software up to date: If you do nothing else, installing (or updating) the latest versions of anti-virus and anti-spyware software will provide some protection.
2. Segregate your sensitive data: The fewer places your sensitive information is stored, the less you have to worry about. For example, credit card information should be segregated from other data and from your network as well.
3. Revise and rethink your passwords: Many small businesses are victimized by data theft and other computer crimes simply because they have weak passwords. Change passwords regularly, and use strong ones that are not predictable. Some experts suggest using three-word or more password “phrases.” These can actually be easier to remember and quicker to type.
4. Don’t leave computers unsecured: Require logins for all computers and laptops, and set them to return to the login screen after five or ten minutes of inactivity. Only download or install applications that come from trusted sources.
5. Avoid direct connections to the Internet: Many small businesses don’t have networks or routers and simply plug directly into the Internet. But business owners can block many common threats by using a quality router, such as a Netgear or Buffalo brand router and making sure to change the router password from the default setting.
6. Upgrade security policies and email standards: In this age of social media it’s more important than ever to set policies and standards on what types of information can be shared online. And many businesses still treat email as confidential communication, which it isn’t. Think of emails more like postcards, and not sealed letters.
7. Protect tablets and mobile devices, too. Smart phones, iPads and similar devices should also be password protected and kept in secured storage when not in use. Avoid storing any sensitive data on these devices.
8. Use a secure SSL connection for sending or receiving data: Secure Sockets Layer (SSL) is an encrypted Internet connection for sending data safely over the Internet.
9. Use a secure wireless connection and a good firewall: Many small businesses still use unsecured wireless networks. That’s asking for trouble. The old standard, known as WEP, is useless. What you need is WPA2 encryption, the current standard in data protection.
Copyright © 2000-2015 BizBest® Media Corp. All Rights Reserved.