Simple Cyber-security Practices

Cyber-security has been a topical issue of late in the wake of headline-grabbing incidents, like the Sony hack, the theft of compromising photos of celebrities from an online cloud (“celebgate”), and the revelation of a security vulnerability dubbed “heartbleed”. Unfortunately, as technology becomes increasingly sophisticated, so do the techniques used by tech-savvy miscreants to infiltrate computer systems. Further, in this era of Big Data, the amount of sensitive information potentially vulnerable to criminal activity is vaster than ever before.

Few (if any) computer systems can claim to be the digital equivalent of Fort Knox. But there are some simple steps you can and should take to help improve the safety of your data.

•  Keep software up to date, including anti-virus applications.

Out-of-date web browsers are susceptible to cyber-infiltration, malware, and viruses, as are machines that don’t have the latest anti-virus software installed. Do a bit of research, and invest in security software from a reputable company with a solid track record.

•  Create backup copies of everything that’s important.

Even ostensibly reliable computers can sometimes crash or malfunction, causing you to lose access to information stored on the hard drive. Pay particular attention to financial and human resources documents (including credit card information and social security numbers), records of transactions and accounts receivable/payable, databases and spreadsheets, and any other files you feel might cause a major headache if it ever went missing. Store these essentials either in a secure cloud, or offsite.

•  Set up an internet firewall.

Many computer operating systems have a firewall pre-installed, and you’ll simply need to enable it; alternatively, free firewall software can be downloaded from the internet. Again, make sure the software you use comes from a reputable source.

•  Control physical access to computers.

 Set up passwords for each machine, and request that each employee create a unique user name and entry code. Aim to change passwords every few months and in the event of employee turnover. Safely stow and lock up laptops that aren’t being used.

•  Secure your wi-fi network.

Your wireless network should have a unique password that’s at least 10 to 15 digits in length, containing upper-case and lower-case letters and numbers. Try to make it not only exceedingly difficult for a person to guess, but inordinately time-consuming for a password-cracking program to break.

•  Use extra caution with payment-processing.

When setting up a payment-processing arrangement with a bank or financial institution, ask about the latest security and anti-fraud measures and best practices. Try to isolate your payment system, and avoid using the same computer to handle financial transactions and browse the internet.

•  Leave software installation to people you trust, or do it yourself.

Many computer operating systems are outfitted to require password authorization  from a system administrator in order to install new software. Make sure this feature is enabled, so that employees (and unauthorized computer users!) cannot install software without your approval.

•  Read up on cyber-security.

With the pace of technological advancement occurring in our world today, experts occasionally stumble upon previously undiscovered vulnerabilities, and new programs that can thwart even the most sophisticated network security systems. Although not everyone can or should aspire to become a cyber-security connoisseur, it is in your interest to keep reasonably abreast of the latest developments in that area.

The U.S. Federal Communications Commission (FCC) has a page dedicated to cyber security for small businesses, including advice and resources. More useful information is available here, via a campaign called Stop.Think.Connect.

10 Ways to Protect Yourself and Your Business from Fraud

As the old saying goes, “an ounce of prevention is worth a pound of cure.” This is true for keeping colds at bay and for preventing personal and business fraud. When you consider that most business fraud can be attributed to a lack of proper control over information and assets, then you can instantly see the importance of prevention. It doesn’t matter if you are a small business or a vast conglomerate; there is a demonstrable benefit to be found through being diligent in protecting yourself from fraudulent activities. The following are the top ten ways to protect yourself and your business from fraud.

1.      Upgrade Onsite Security: 

A thief who breaks into your company offices or warehouse could not only steal property but also valuable information. That information can include credit card account numbers, computer passwords and all other forms of sensitive information. Once those numbers are obtained, the criminal could go on a virtual buying spree before you can make it into work the next day. This is why upgrading your on site security in the form of proper locks, alarms and security gates are crucial for preventing theft.

2.      Properly Secure Business Records:

Even with the extra alarms, there might be personnel who will be tempted to access important business information. That is why it should always be kept under lock and key after business. While it is convenient to have a list of all your account passwords handy, you really want to make sure that “prying eyes” won’t get a peek.   

3.     Add Shredding To Your Routine:

A shrewd identity thief will know right where to find the information they need and it’s not always in your office, but in your dumpster. Any paper that is being thrown out with any kind of company information should be shredded first. This is especially true for a small business that might not have secure dumpsters.  

4.     Don’t Divulge Over the Phone:

The natural instinct for anyone answering a company phone inquiry is to be helpful and courteous. That “help” might extend too far towards a potential identity thief who is trolling for information through a random “customer” call. Unless you initiate a call, don’t give out any vital company information over the phone to a stranger. 

5.      Lock Down Your Computers:

You might think it is easy to keep track of people who come through your office on a regular basis. However, when you consider all the messengers, delivery men, service technicians, sales persons and custodians you can see that the stream of outside workers, even in a small business, can be enormous. This is why your computers should have password protection. They should also be shut down when you are away from your desk.

6.      Install Computer Firewalls:

The protection from your computer needs to extend throughout the internet through updated firewall security measures. You need to protect your network systems from potential hackers who troll for businesses to steal from. If you have an IT professional who takes care of your IT network and systems, ask them for their recommendations. 

7.      Establish Strong Anti-Fraud Policies:

Your employees are going to be your best line of defense to prevent fraud. However, they can also become your weakest link. This is why you need to establish clear policies with regard to sharing company information. A rep from your company shouldn’t be out in the world broadcasting sensitive information. It could be unintentional, but that won’t matter if a fraud occurs from using this information.

8.      Set Up a Fraud Hotline:

Sometimes an employee could witness an act of fraud but they don’t want to directly report this incident to a manager. Setting up a fraud hotline or email address can provide staff members with the opportunity to share any knowledge of fraud. This type of hotline also tells anyone who might be thinking about a fraud scheme that they are being watched by their co-workers.

9.      Take Immediate Action:

The moment there is a report of a suspected fraud incident you should begin a thorough investigation. By taking immediate action you’ll let your staff know this type of behavior won’t be tolerated.

10.  Sever Ties With Ex-Employees:

When renting a new apartment, you should request that new locks be installed. This is also a smart policy with regard to ex-employees, especially those who were fired under undesirable circumstances. You need to make sure any previous access these employees had to sensitive information be changed. This could be swapping out passwords, canceling company credit cards and yes, in extreme cases, changing the locks.