Keep your small business safe: 10 tips
1. Set up your defenses.
Do you have adequate firewalls and antivirus software to protect you
from hackers who could steal your customers and company identity? “If
you leave your doors open, eventually you will be robbed,” says Martin
Rico, chief executive of Inspired eLearning, a San Antonio-based company
that develops security awareness training programs for companies. “The
same is true for your network. Hackers and identity thieves use
automated programs to scan every computer on the Internet looking for
easy targets.” A good Internet router will have an on-board firewall.
But don’t forget to turn it on, he says.
2. Stay abreast of the threat.
A recent phishing scam in Brazil caused Web browsers to land on criminal
sites that looked identical to well-known bank sites. The phishers used
HTML e-mails encoded with malicious Trojan horse programs. If the
security settings on a recipient's computer were too low, just opening
the e-mail would make changes to an essential Windows component.
3. Encrypt everything.
Any sensitive data, or information that might help an ID thief or
hacker, should be aggressively encrypted, says Lisa Sotto, a head of New
York-based Hunton & Williams LLP’s privacy and information management
team. “Encrypt all company laptops,” she advises. “And don’t allow the
transfer of sensitive company data electronically unless it is
encrypted.” Sotto also advises that you upgrade your systems frequently
with the latest protective software to make sure your systems are as
secure as possible. (For technology newcomers: To encrypt a computer is
to assign a secret code that prevents unauthorized parties from
accessing your data.)
4. Get help from your employees.
Human error, or lack of attention to detail, is one of the biggest risks
to a company’s security, according to Steven Domenikos, chief executive
of IdentityTruth, a security firm in Waltham, Mass. “There are some
basic techniques that can be embraced by employees, like changing
passwords periodically and using general security and software tools to
ensure that their home computers are safeguarded against attacks and
malicious programs,” he says. Hackers have created programs that are
designed to grab information from your computer, without you ever
5. Don’t store credit card numbers.
“Never, never, never,” says Richard Stiennon, chief marketing officer
for Fortinet, a security software company in Sunnyvale, Calif. “You do
not need it, the Payment Card Industry Standard forbids you to store
them, and it’s too risky.” Plus, there’s one more reason you should
avoid keeping credit card numbers: If you don’t have them, you can’t
lose them. And a hacker or identity thief can’t get to them, either.
6. Buy a shredder – and use it.
Documents with confidential information can fall into the wrong hands
when they aren’t properly disposed of, says Tim Rhodes, chief executive
of WebArgos, a data security firm in Boise, ID. “I know this is basic,
but I can’t overstate the importance of using a shredder. In one study
we are about to publish, only 50 percent of United States employees are
compliant with their company’s shredding policies.” One of the
challenges faced by small businesses is home-based employees, who may
not have a shredder and put sensitive documents in the trash.
7. Mind your mobile devices.
“A laptop computer is stolen approximately every 53 seconds and only
three percent are ever recovered,” says MacDonnell Ulsch, director of
technology risk management for Jefferson Wells, a Brookfield, Wis.,
company that provides internal auditing and technology risk management
services. “A business executive on a flight recently placed a Blackberry
on her seat while placing her briefcase in the overhead bin. In those
few seconds, her Blackberry, which was unencrypted, was stolen.” He
recommends reminding employees of the dangers they face when they travel
with their mobile devices, and encourages them to report a loss
8. Run your updates.
Hackers are constantly discovering and exploiting new vulnerabilities in
computer operating systems and networks. “Keep your systems patched,”
says Bret Padres, director of incident response at Mandiant, an
information systems company in Alexandria, Va. “You should have
Automatic Updates enabled on your Windows-based computers. As security
fixes are released from Microsoft, your computer systems will be
9. Research your Internet service
Unfortunately, the company providing your business with Internet access
can offer easy access to your private information. “Not all ISPs are
created equal, especially in terms of their commitment to security,”
says Roger Thompson, chief technology officer for Exploit Prevention
Labs, a security software developer in New Kingston, Pa. His advice?
Before signing up for service, ask if they’ve ever been hacked. “Just
see what they say. If, for example, they blame their users for having
their passwords guessed, that’s not a good sign,” he says.
10. Know what to do when it happens.
Have a security compliance plan in place, advises Judd Rousseau, chief
operating officer of Identity Theft 911, a company that develops identity
theft resolution, education and deterrence products in Scottsdale, Ariz.
“This is an inexpensive way to make sure you have addressed the areas
where you need to make sure to have safeguards in place, as well as have
a plan in case a breach does occur,” he says.