10 Tips for a Safe Business
1. Set Up Your Defenses
Do you have adequate firewalls and antivirus software to protect you from hackers who could steal your customers and company identity? “If you leave your doors open, eventually you will be robbed,” says Martin Rico, chief executive of Inspired eLearning, a San Antonio-based company that develops security awareness training programs for companies. “The same is true for your network. Hackers and identity thieves use automated programs to scan every computer on the Internet looking for easy targets.” A good Internet router will have an on-board firewall. But don’t forget to turn it on, he says.
2. Stay Abreast of the Threat
A recent phishing scam in Brazil caused Web browsers to land on criminal sites that looked identical to well-known bank sites. The phishers used HTML emails encoded with malicious Trojan horse programs. If the security settings on a recipient’s computer were too low, just opening the e-mail would make changes to an essential Windows component.
3. Encrypt Everything
Any sensitive data, or information that might help an ID thief or hacker, should be aggressively encrypted, says Lisa Sotto, a head of New York-based Hunton & Williams LLP’s privacy and information management team. “Encrypt all company laptops,” she advises. “And don’t allow the transfer of sensitive company data electronically unless it is encrypted.” Sotto also advises that you upgrade your systems frequently with the latest protective software to make sure your systems are as secure as possible. (For technology newcomers: To encrypt a computer is to scramble its data so that it can be read only with a secret code, which prevents unauthorized parties from accessing your data.)
4. Get Help From Your Employees
Human error, or lack of attention to detail, is one of the biggest risks to a company’s security, according to Steven Domenikos, chief executive of IdentityTruth, a security firm in Waltham, Mass. “There are some basic techniques that can be embraced by employees, like changing passwords periodically and using general security and software tools to ensure that their home computers are safeguarded against attacks and malicious programs,” he says. Hackers have created programs that are designed to grab information from your computer, without you ever knowing it.
5. Don't Store Credit Card Numbers
“Never, never, never,” says Richard Stiennon, chief marketing officer for Fortinet, a security software company in Sunnyvale, Calif. “You do not need it, the Payment Card Industry Standard forbids you to store them, and it’s too risky.” Plus, there’s one more reason you should avoid keeping credit card numbers: If you don’t have them, you can’t lose them. And a hacker or identity thief can’t get to them, either.
6. Buy a Shredder & Use it
Documents with confidential information can fall into the wrong hands when they aren’t properly disposed of, says Tim Rhodes, chief executive of WebArgos, a data security firm in Boise, ID. “I know this is basic, but I can’t overstate the importance of using a shredder. In one study we are about to publish, only 50 percent of United States employees are compliant with their company’s shredding policies.” One of the challenges faced by small businesses is home-based employees, who may not have a shredder and put sensitive documents in the trash.
7. Mind Your Mobile Devices
“A laptop computer is stolen approximately every 53 seconds and only three percent are ever recovered,” says MacDonnell Ulsch, director of technology risk management for Jefferson Wells, a Brookfield, Wis., company that provides internal auditing and technology risk management services. “A business executive on a flight recently placed a Blackberry on her seat while placing her briefcase in the overhead bin. In those few seconds, her Blackberry, which was unencrypted, was stolen.” He recommends reminding employees of the dangers they face when they travel with their mobile devices, and encourages them to report a loss immediately.
8. Run Your Updates
Hackers are constantly discovering and exploiting new vulnerabilities in computer operating systems and networks. “Keep your systems patched,” says Bret Padres, director of incident response at Mandiant, an information systems company in Alexandria, Va. “You should have Automatic Updates enabled on your Windows-based computers. As security fixes are released from Microsoft, your computer systems will be automatically updated.”
9. Research Your Internet Service Provider
Unfortunately, the company providing your business with Internet access can offer easy access to your private information. “Not all ISPs are created equal, especially in terms of their commitment to security,” says Roger Thompson, chief technology officer for Exploit Prevention Labs, a security software developer in New Kingston, Pa. His advice? Before signing up for service, ask if they’ve ever been hacked. “Just see what they say. If, for example, they blame their users for having their passwords guessed, that’s not a good sign,” he says.
10. Know What to Do When it Happens
Have a security compliance plan in place, advises Judd Rousseau, chief operating officer of Identity Theft 911, a company that develops identity theft resolution, education and deterrence products in Scottsdale, Ariz. “This is an inexpensive way to make sure you have addressed the areas where you need to make sure to have safeguards in place, as well as have a plan in case a breach does occur,” he says.