In recognition of October’s designation as Cyber Security Awareness Month, your Better Business Bureau is continuing our discussion of this vital issue. It’s important to note that digital information theft has surpassed physical theft as the most commonly reported fraud. Small businesses can be victimized by the current rash of digital scammers just as individuals can. Accordingly, here are 10 tips for small businesses from the Federal Communications Commission, designed to keep them safer from the onslaught of would-be digital thieves.
1. Be sure your employees are trained in security principles. Instruct them in the use of strong passwords and proper Internet safety procedures like being distrustful of unsolicited emails even though they may look legitimate, never clicking on links in such emails. Have established rules and procedures for protecting your customers’ information and other data.
2. Keep your company’s digital devices protected from online threats by being sure security software, web browsers and operating systems are always up to date.
3. Use firewalls. A firewall is a set of programs that prevent outsiders from getting to data on your private network. Free software is available online. Don’t overlook employees who work from home. They should be protected as well.
4. Have a mobile device action plan. Require password protection, data encryption and security apps to protect while using public networks. Lost or stolen equipment should be immediately reported.
5. Back up data. Preferably use an automated backup system, or at least manually back it up once a week, with copies stored either offsite or in the cloud. Backups should include word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files.
6. Control who uses your devices and see that each employee has their own user account. Lock up unattended laptops, as they are often targeted for theft.
7. Secure your Wi-Fi network. Set up your router or wireless access point so that it does not broadcast the network name, and password protect access to the router.
8. Secure your payment cards. Work with your bank or credit union to be sure the best tools and anti-fraud services are in use. Isolate your payment system from other, less secure programs. Never use the same computer to process payments and to surf the Internet.
9. Control employee access to data. Try not to allow any one employee access to all data systems – just to the specific data necessary for their job. Never allow them to install software without permission.
10. Tighten account authentication procedures. Require unique passwords and change them every three months. Multifactor authentication, requiring additional information beyond passwords should be used if possible. Check with financial institutions that handle your data to see if they offer multifactor authentication as well.
The Federal Trade Commission (FTC) offers much useful information for business data security at their website: ftc.gov/privacy-and-security/data-security. These days it is vital for small businesses to keep on top of the latest developments in security of their data. Data thieves are keeping up to date. So should the rest of us. If you have questions or concerns about securing your business’ data, contact your Better Business Bureau at (800) 856-2417, or visit our website at bbbinc.org.