Unlike most large corporations, small businesses often lack robust information systems and IT security staff who can help protect against hacking and other types of data breaches. And unfortunately, today’s fraudsters are getting far more sophisticated in their ways. Some now use social media to research business owners’ personal and professional networks and con those contacts into providing sensitive business information, such as account numbers, or into performing financial transactions. New computer viruses and malware are making it easier for cyber thieves to steal passwords and commit fraud.
In light of these growing security risks, business owners should evaluate their data-security procedures to ensure that they are strong enough to thwart today’s sophisticated fraudsters. Here are five key steps to shielding business and personal data:
- Build a secure infrastructure. It’s important to use layered security technologies to thwart cyber attackers and hackers. This includes confirming that all business computers have updated operating systems and applications with the latest security patches—which are released by software developers to address vulnerabilities to computer viruses or hacking. Antivirus, spam detection and filtering software should be installed on every computer and the network should be protected by a properly configured firewall. Depending on the company’s security concerns, it may even want to invest in intrusion detection and monitoring systems that provide an extra level of protection.
- Consider data encryption software. Encryption uses a mathematical algorithm to scramble readable text so that it can’t be read except by someone who has the key to “unlock” it. It can be especially useful in preventing hackers from getting sensitive business information, whether email correspondence or documents stored on a computer system or portable media.
- Use hard-to-crack passwords. Fraudsters who uncover even one password can log onto accounts and steal sensitive information or money. Business owners and employees should be required to use a unique, hard-to-crack password for every account, including their work and personal email. The password should be more than eight characters in length and complex in construction so it is not easily guessed.
- Protect mobile devices. As employees conduct more business remotely, it’s important to be sure the mobile devices they’re using are secure. This includes requiring a power-on password and local data encryption. Employees’ mobile devices should be configured to use only protected/encrypted wireless connections at work and while using public networks (“hotspots”) at, say, a coffee shop or airport.
- Educate employees on the risks. Employee awareness is paramount. With more people working remotely and using email and personal devices to communicate, they must be instructed on how to avoid exposing themselves to fraudsters. This includes instructing them not to click on links in emails or texts from unfamiliar sources and verifying the identity of anyone who requests sensitive business or account information. Businesses should also use dual authorization—meaning two separate individuals must authorize a transaction—when making financial transactions such as electronic funds transfers.
First Republic Bank provides a courtesy Internet Security Health Check to its small business customers. An information security specialist comes to the company to review security-related controls such as Internet browser settings, operating system updates, wireless security, firewalls, antivirus software and spam filters to ensure proper configurations for optimal protection against malicious activity. Businesses can also receive Trusteer Rapport, a highly regarded software program that protects against financial malware, at no cost.