“I’m a small business, who would want to hack my computers?"
"It can’t happen to me."
"Oh, I never do anything online that could lead to a security risk.”
Do any of these statements sound familiar at all? Many small business people have uttered these statements only to discover that someone has hacked into their systems and stolen money, stolen identities, held their data captive for ransom, or otherwise caused havoc with their business.
According to the Federal Bureau of Investigation, in 2016 cyber-crimes accounted for $1.33 Billion in victim losses and 298,728 cyber-crime complaints filed by victims. Don’t become a statistic. Give the Small Business Development Center at JCC a call today at 716-338-1024 to learn how to protect your company from internet predators.
To get started, here are ten simple guidelines to reduce your chances of becoming a victim of cyber crime.
1. Develop security practices and TRAIN your employees to use them.
By creating basic security policies and procedures for employees, you are creating an atmosphere of accountability. Teach them to practice creating strong passwords. Develop suitable Internet use guidelines with detailed penalties should they violate company cybersecurity policies. Establish rules of behavior that will illustrate how to handle and protect vital customer data and information. There are several online resources available such as https://resources.workable.com/cyber-security-policy to help create cybersecurity good practices.
2. Secure computers, networks, and information from cyber-attacks by:
Keeping “clean machines”: downloading the latest security software, web browsers, and operating systems offers the greatest barricades against viruses, malware, and other online threats. Schedule any antivirus software to run a scan after each update. Install key software updates as soon as possible upon availability. Most computers will have a default setting that automatically searches for available updates. Anti-virus and anti-malware software such as Norton Antivirus, Kaspersky, McAfee are available for an annual fee.
3. Set up a strong Firewall for your Internet Connection.
A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure to enable the operating system’s firewall or install free firewall software from trustworthy online sources. Employees working from home ought to make sure that their personal computers have up to date firewall software as well.
4. Make sure wireless networks are secure.
If you have a Wi-Fi network in your workplace, encrypt, hide, and secure it. Your wireless router can be set up so that it does not broadcast your network name (commonly known as your SSID: Service Set Identifier). Keep access to the router password protected.
5. Important Business data and information should be routinely backed-up.
Back up all computer data regularly. Data such as: word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files are especially critical and should be saved and stored either offsite or in the cloud. Set your computers to generate backups for data at pre-arranged intervals, if feasible.
6. Give each employee his/her own unique User Identities. This allows control over computer access.
Unauthorized individuals should not have access to company computers. Remind employees to lock their desktops and laptops when away from them. Laptop computers, especially, make easy targets for theft. Leaving them unlocked can allow for data breach. Each employee should have his/her own access identity and a strong password. Instruct employees not to share their passwords or User IDs with anyone else. Key personnel and a trusted IT team should only ever have administrative access. IDMWorks has an excellent article on creating unique usernames. https://www.idmworks.com/best-practices-unique-login-names/
7. Develop a series of “Best Practices” when accepting any type of payment cards
Contact your credit card processing company and/or bank to make sure that they are using the most up to date anti-fraud measures and security available. They may also require you to have additional security obligations. Only use specific terminals for accepting payments and refrain from using those terminals to surf the internet.
8. Employee access to data and ability to install programs should be limited.
Give employees access only to data and information specific to their jobs. Giving employees access to all available data could compromise confidentiality agreements or open the door to retribution by disgruntled employees. Programs that employees want to download should be intrinsic to job specific duties or vetted by your IT team before granting permission to download.
9. Passwords and authentication
Require employees to create distinctive passwords and change those passwords on a pre-determined time schedule. Employees should be encouraged to create different passwords each time. You may also want to implement multi-step authentication, requiring additional information outside of a password to gain entry. If any of your vendors handle sensitive data, check to see if they offer multiple step validation for your account. Passwords based on birthdates, family members, pets, etc… are generally the easiest to crack because people will inadvertently share that information unwittingly on social media. For example… sharing a child’s birthday or the name of your brand new puppy in your Facebook post gives cyber-thieves possible clues to hacking passwords. Multiple random combinations of upper and lower case letters, numbers, and symbols without any personal meaning typically are the most difficult to crack.
10. Mobile Devices: Phones, Tablets, etc…
Much like laptops, mobile devices can produce substantial security challenges, especially if they contain confidential information or have access to the business’ network. Require employees to password-protect these devices, set up data encryption, and download/install security apps to protect information from theft should the device tap into public networks. Create a policy/procedure for reporting lost or stolen devices ASAP.
These 10 steps are an excellent start to securing your business from cyber criminals. Remember - you can call the Small Business Development Center at JCC at 716-338-1024 to learn more about protecting your company and your customers from internet predators.