It seems as though every day, there’s another story in the news about a data security breach. As a small business owner with a lot on your mind (and calendar), you can’t afford to lose time or profits due to internet scammers.
Businesses and individuals lost $3.5 billion to cybercriminals last year while reporting more incidents of internet crime to the FBI than any year previously, according to the bureau’s Internet Core Competency Certification (IC3) 2019 Internet Crime Report.
Unfortunately, scammers often target small businesses due to the assumption that they don’t have the resources to have a sophisticated data protection system in place. Even if that is the case, there are several steps you can take to protect your business from viruses, ransomware, hackers and scammers.
Social engineering training. Social engineering tactics, like phishing, account for a large percentage of compromised systems. These emails trick customers and employees alike into clicking on malicious links and attachments, giving the attackers access.
Keep your systems updated. No matter what operating system, web browser or other software you use, keep it up to date. Running the latest security software is the best way to defend against viruses, malware and other threats. Set antivirus software to run a scan after each update so you don’t leave holes hackers can exploit.
Secure your internet connection. A firewall is a device or set of programs that prevents outsiders from accessing information on your network. Make sure your system’s firewall is enabled. If you have employees who work from home, make sure they’re protected by a firewall as well. Make sure your Wi-Fi network is secure, encrypted and hidden. To hide your Wi-Fi network, set up your router so it doesn’t broadcast the network name, and password-protect access to the router.
Back up your files. No system is totally secure. Regularly back up the data on all computers and store copies on an offsite server or in the cloud. That way, if your computer is compromised, you’ll still have access to your files. Critical files to consider backing up include spreadsheets, databases, financial documents, personnel files and accounting files.
Protect your customers' payments. Work with your bank to ensure your company is using the most secure payment processing tools and anti-fraud services. Have a dedicated computer specifically for processing customer payments, because surfing the internet on the same computer you use to process financial transactions could leave you vulnerable to scammers.
Use caution in Wi-Fi spots. If you frequently work remotely at your favorite coffee shop, the library or airport, use caution when accessing public Wi-Fi. While these connections are convenient, they’re often not secure. To protect yourself while using Wi-Fi hotspots, send information only to fully encrypted websites. Look for https on every page. Consider using a private hotspot from your cell phone, or a jetpack (mobile hotspot) from your cell carrier. Use a VPN to secure your traffic.
Read emails carefully. Be careful when clicking on links or attachments in emails, even if the sender appears legitimate. Attempt to verify the web address independently to be sure. You can hover over the link to check the legitimacy of the site before clicking on it. One red flag is a strange address in the “from” field, often with spelling errors or odd text. Be especially careful of attachments containing compressed (ZIP) or .exe files, as they could contain viruses that could allow scammers to access your computer.
Keep laptops, phones and tablets secure. Do not leave your portable electronic devices unattended in public, even in a locked vehicle. If stolen, the information stored on them could fall into the hands of a scammer or identity thief. Use encryption on all your devices to reduce the risk of data theft if they are lost or stolen.
If you do find yourself the victim of a cyber-attack or data breach, act immediately. Start by calling your IT team, if you have one, and local law enforcement. Contain the breach by taking affected systems offline, but do not turn them off. Document every step for authorities and legal counsel. Communicate clearly with affected groups to reassure them that you are aware of the issue and taking steps to secure the breach.