With 85% of data breach occurring at the small business level, business owners need to secure online banking and data stringently.
Most of us are aware of the need to take sensible precautions — but how many of us regularly follow through? “I’ll renew the antivirus software later,” or “Let’s back up next week” are phrases often heard, action never taken. Which is why, according to Identity Theft Resource Center, a San Diego-based non-profit group, the business sector data breaches climbed from 21% in 2006 to 41% in 2009, resulting in the worst sector performance ever.
Each year, thieves find new ways to hack small business owners’ computers; lately, many hackers’ strategy of choice falls under the guise of banking Trojans. According to studies conducted in 2008/9 by the FBI, hackers stole close to $100 million.
It's not just anonymous hackers on the net that are to blame, however. Each year, more and more breaches occur from inside an organization ranging from unhappy employees to human errors (i.e., misplaced laptops, equipment stolen from inside a workplace).
As a business owner, what can you do to be safe and protect your business from hackers and negligent employees? Secure your workplace by putting these 8 protocols in place for you and your employees.
1. Back up data and keep anti-virus software, security applications, and firmware up-to-date for all computers. Implement a protocol within your company for each employee (if you don’t have a dedicated IT person) to be responsible for downloading automatic updates for security patches on a regular basis.
There are specific software programs and apps that aren’t standard like Norton or Symantec, but functionally perform better (in my opinion) for the small business owner. Trend Micro Pro allows you to see which computers are on your network and also evaluates and highlights safe search results for those employees who surf the web. Services like Mozy offer affordable and convenient back up.
2. Dedicate computer stations to the customer care or service teams that are handling credit card requests. These portals should not allow employees to check email, surf the web, or any activity that opens the system up to online security breaches.
4. If you lay off or fire an employee, remove their access to company files or walk them out immediately. According to Ponemon Institute, more than 50% of employees who are laid off take some kind of company data, including customer credit card information. In addition, setting up security cameras or restricted access to customer data to identify if any employee is stealing data is a good idea.
5. Keep your employees informed of the latest Trojan attacks via email or even phone. With more and more companies switching over to VoIP phone systems for their business, it’s easier for hackers to alter the caller’s number (making it appear as if it is coming from your bank or other financial institution) or use a virtual phone number and mask their identity to obtain information. You could purchase software that filters out suspicious calls asking for banking information.
6. When operating an ecommerce site, it is your responsibility to protect your customers. Make sure your shopping cart has a SSL/TLS certificate. This technology ensures that credit card information or other sent in is encrypted and registered by a third party.
7. Don’t save customer credit card information on unencrypted computers. Take extra precautions with customer data to prevent online or employee theft.
8. Use additional programs and apps to scan computers for security breaches. Identity Finder is an example of software that will run a spider through your hardware and then let you know what items are unprotected.
Be vigilant in keeping all sides of your business safe — no matter how inconvenient or mundane the security process might seem. It will be well worth the small expense and effort to keep your company safe.
Betsy Brottlund is the Director of Marketing at Resource Nation, a company that provides online and offline resources for businesses and connects them with local and national vendors in credit card processing and VoIP.