Cybersecurity Tips and Tricks for Business Owners
As a business owner, you play a key role in the local, regional and national economy. To do this successfully, you are increasingly reliant on technology to store, process and communicate information. Protecting this information against evolving cyberthreats is critical.
Many small and mid-size business owners don’t consider themselves targets for cyberattacks due to their size or the perception that they don’t have anything worth stealing. The reality is you have very valuable information such as employee and customer data, bank account information and access to larger networks within your supply chain. Many small and mid-size businesses also lack the personnel or capital to dedicate to cybersecurity, which makes businesses like yours a prime target for cyberattacks.
Introduction to Cybersecurity
These seven simple tips will help you safeguard information:
- Make sure all company computers are equipped with anti-virus and anti-spyware software, and be sure the software is updated regularly.
- Secure your network connections with a firewall. Hide your Wi-Fi network.
- Establish security practices and policies for your employees to help them protect sensitive information.
- Educate employees about cyberthreats and hold them accountable to your security policies and procedures.
- Require employees to use strong passwords and change them often.
- Invest in data loss prevention software, use encryption technology to protect data in transit and use two-factor authentication where possible.
- Protect all pages of your public-facing websites, not just the check-out and sign-up pages.
- Create a social media policy for cybersecurity and communicate it to your employees.
- Limit the number of employees who are authorized to post on behalf of your business.
- Make sure they know what they can and cannot say about your business, your customers, your employees and your business partners while using social media channels.
- Monitor what is being posted about your business by others via social media channels.
Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. Although there are other methods of delivery, ransomware is frequently delivered through phishing emails and exploits unpatched vulnerabilities in software.
Phishing emails are crafted to appear as though they have been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, your computer may become infected with malware.
A commitment to cyber hygiene and best practices is critical to protecting organizations and users from cyber threats, including malware.
- Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the Internet for the main website of the organization or topic mentioned in the email).
- Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Avoid providing personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Avoid revealing personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Be cautious about sending sensitive information over the Internet before checking a website's security.
If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
Department of Homeland Security
The Department of Homeland Security (DHS) has developed a national public awareness campaign called Stop.Think.Connect aimed at empowering the American public to be safer and more secure online. The main objective is to help you become more aware of growing cyberthreats and arm you with the tools to protect yourself, your family and your community. For more information visit www.dhs.gov/stopthinkconnect.
The United States Computer Emergency Readiness Team (US-CERT) distributes bulletins and alerts for both technical and non-technical users, shares cybersecurity tips, and responds to incident, phishing and vulnerability reports. Visit www.us-cert.gov.
U.S. Chamber of Commerce
The U.S. Chamber of Commerce has an Internet Safety Toolkit that teaches employees how to help protect company information, customer data, and their own personal information. Visit www.USChamber.com.
Federal Communications Commission
The Federal Communications Commission (FCC), in collaboration with other government agencies and industry leaders, has created an easy-to-use, free online tool that will help create a customized planning guide for your business. Visit www.fcc.gov/cyberplanner.
Federal Trade Commission
The Federal Trade Commission (FTC) offers lessons learned from their 50+ data security settlements. Download the guide and access videos free. Visit www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business.
If your business is a victim of a cyberattack or has experienced fraud due to a cyberthreat, follow these key steps:
- Inform local law enforcement
- Inform the State Attorney General if appropriate
- Report stolen identities and other cybercrimes to the Internet Crime Complaint Center at ic3.gov
- Report fraud to the Federal Trade Commission at onguardonline.gov/file-complaint
- Report computer or network vulnerabilities to US-CERT using their telephone hotline or the US-CERT website at us-cert.gov
Protecting Your Business From Payment Fraud
For most municipalities, electronic payment systems result in great efficiencies. Unfortunately, these efficiencies set the table for a payment fraud smorgasbord.