Back in the day, all you needed to protect your business was a solid lock and a good reputation in the community. Today, the Internet brings the whole world tromping into your business, and it can get pretty messy.
Today, along with trying to run a successful business, you've got to outsmart the hackers, grifters and other lowlifes trying to steal your financial data or hijack your computing bandwidth. This ain't your grandfather's small business.
"Small businesses are very busy," said Ron Teixera, president of the NCSA, "and these tips provide a quick hit of information that they can incorporate in order to protect their networks and their customers' private information."
Cyber criminals steal information to commit fraud, which typically takes two forms, Teixera said. They take customer information or a business owner's name and good credit for identity theft, or they commandeer small business networks to commit crimes (phishing, spam attacks and so on) against other small businesses.
"These people hijack your network bandwidth so that when they spam and attack other sites, the attacks look as though they originated from your company's domain," Teixera said.
Why is this so important? He cited a consumer study by Javelin Research that showed 85 percent of those surveyed said they would shop more at a site known for its good cyber-security practices. Only 20 percent of those polled said they would continue to shop at a Web shop that had experienced a data breach.
"Cyber security is good for business," Teixera said. "Your credibility has value in both the real and the virtual world."
Gimme Five Steps
Both the NCSA and Capital One Small Business recommend these five steps to improve your cyber security.
- Conduct a Risk Assessment
- Educate Employees
It's essential that managers and employees have a basic understanding of cyber security, including company-specific procedures and overall best practices.
"Teach your employees how to avoid risks. We're talking basic cyber security 101: don't open attachments from an unknown source," Teixera said. "And do this more than once a year. Threats evolve and you need to keep your employees alert to those threats."
Small business owners need to integrate a cyber security rollout plan within the yearly business plan. This plan should also include steps for measuring success.
- Back up Critical Information
Make regular (at least weekly) backup copies of all important data and information. Creating backups on a regular basis ensures that critical data is not lost in the event of a cyber attack or natural disaster.
Store all backup copies away from the office, such as on an external hard drive, and use encryption to protect any sensitive information about your company and customers from thieves and hackers. Encryption programs encode data, making it unreadable until the user enters a password or encryption key to unlock it.
"It's easier now than ever to keep data backups off site," said Teixera. "You'll need that data in the event of a fire, flood or other disaster. Just having data on-site is not helpful."
- Create a Contingency Plan
Small business owners should have a contingency plan in place in case the business suffers a cyber-security attack. The contingency plan should include steps on how to continue business operations at an alternate location when necessary. This plan should be tested annually.
"You should understand how to preserve evidence of the attack, who to contact: police, your bank, customers, attorneys," said Teixera. "Think things out ahead of time because you won't be effective in the heat of the moment."
- Sign a Security Agreement
Have all employees sign a security agreement in order to demonstrate that they are taking cyber security seriously and are active participants in helping to maintain a secure online environment. This agreement should also require employees to report any suspicious online activity or known Internet crime to the proper authorities.
If fraud or criminal intent is suspected, it should be reported to the local law enforcement agencies, the local FBI, Secret Service or state attorney general's offices. Moreover, some states require business owners to notify their customers if hackers or thieves could have had access to unencrypted personal information. One way to prevent Internet crime is by erasing all data on a hard drive before recycling or throwing away a computer.
"Maintaining a culture of security is important. Employees need to understand that they need to protect their PC data, company information and laptops with encryption," said Teixera. "Having and enforcing an agreement like this shows how seriously you take cyber security."
In order to protect customer information, small business owners need to conduct an initial risk assessment of their online and operating systems. This includes determining if any sensitive information (anything that is critical to your bottom line, e.g., a customer database) is attached to the Internet.
"Don't forget about physical security," Teixera said. "If you have a small desktop server, you might want to keep it in a locked closet or office. It's too easy for someone to walk in and take it."
There are several components of a comprehensive risk assessment. Most importantly, small business owners should install updated antivirus programs, antispyware programs and firewall software on all computers. Make sure to keep these programs, along with the operating system and applications, up to date with the most current patches. In addition, ensure that all employees use effective, complex passwords. Passwords should be changed every 60 to 70 days.
Lauren Simonds is the managing editor of SmallBusinessComputing.com