Retail Management Advisors, Inc.


350,387,036 is the estimated number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005.  Most analysts believe this number is actually much higher. Frequently a company finds out after the fact that a breach occurred and they have no idea how many records were affected.  Some businesses have no security for their computers, no firewalls, no encryption, no security software and never know they have been breached until they are officially notified.  The time to protect information is NOW and hopefully this is before you have experienced an information security breach.

So, here's the first line of defense. Fairly easy and affordable . . . certainly much less expensive than the cost of notifying your customers and employees that they should not have trusted you with their personal information.

1. Protect your personal information.
If you receive an email asking you to update your personal information, DO NOT use any links provided in the email, and do not give your information out to someone calling you or mailing a letter to you.

If you receive an email to update your banking information, from a vendor you have a credit account with for example, go directly to that website, log in to your account and check your information. Do not use a provided email link. If you get a phone call, ask to call back and check the number you were given against what you have on file. Either call or email to verify a request for personal information through the mail.

2. Know who you are dealing with.
If you are interested in doing business with someone new, put their name or business into a search engine and see what else you find out. Try calling the contact phone number. Also be wary of file sharing. It is a great tool, but make sure you are protected.  If you don't check the proper settings, you could allow access not only to the files you intend to share, but also to other information on your hard drive, like your tax returns, or other personal documents. In addition, you may unwittingly download malware.

3. Use security software that updates automatically.
Security software should include anti-virus, anti-spyware and firewall protection. The anti-virus software scans incoming emails. When your anti-virus program notifies you that you should not open an attachment, don't. You paid for it, so use it. Even if the email is from your best friend or personal banker, don't open it. Delete it and ask them to resend it. If you have anti-virus software installed and it updates automatically, then when a pop-up window tells you "your computer may be at risk, click here", don't! If you think you should not trust your anti-virus software, update NOW to something else. The firewall is the guard on duty to keep out hackers.

4. Keep your operating system and web browser up-to-date and learn their security features.
In addition, you can increase your online security by changing the built-in security and privacy settings in your operating system or browser. Check the "Tools" or "Options" menus to learn how to upgrade from the default settings. Use your "Help" function for more information about your choices.

If you're not using your computer for an extended period, disconnect it from the Internet. When it's disconnected, the computer doesn't send or receive information from the Internet and isn't vulnerable to hackers.

5. Protect your passwords.
Passwords should have 8 characters (as a minimum) and not be a catchy phrase, the user id, or personal information. Change passwords at least once a quarter and don't use the same password for multiple online accounts you access. Also, it should go without saying, but do not share your password with others. Passwords to never use include "12345678" (or any run of numbers starting with 1), "password", "football", and "baseball"; these passwords have made the top ten list of hijacked passwords for several years in a row. Also, never store your passwords in a computer file.
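The rules above can be checked automatically when a password is set. The following is an added example, not part of the original article; the function names, the sample user id and the reading of "a run of numbers starting with 1" as consecutive ascending digits are assumptions.

```python
# Deny list taken from the passwords the article names.
NAMED_BAD = {"password", "football", "baseball"}
MIN_LENGTH = 8  # the article's stated minimum


def is_digit_run_from_one(pw: str) -> bool:
    """True for '12', '12345678', '1234567890', '12345678901', ...

    Assumption: a "run of numbers starting with 1" means consecutive
    ascending digits beginning at 1, wrapping from 9 back to 0.
    """
    if not (pw.isascii() and pw.isdigit()) or pw[0] != "1":
        return False
    return all(int(c) == (i + 1) % 10 for i, c in enumerate(pw))


def check_password(pw: str, user_id: str, personal_info=()) -> list:
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if lowered in NAMED_BAD:
        problems.append("on the list of commonly hijacked passwords")
    if is_digit_run_from_one(pw):
        problems.append("a run of numbers starting with 1")
    if user_id and user_id.lower() in lowered:
        problems.append("contains the user id")
    for item in personal_info:
        # Skip very short tokens so one or two letters do not trigger a match.
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "jsmith" is a made-up user id.
    for candidate in ["12345678", "Football", "jsmith99", "Tr4il-m1x!Kettle"]:
        print(candidate, "->", check_password(candidate, "jsmith", ["Smith", "1975"]) or "ok")
```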

6. Back up important information.
If you wonder what information is important, ask yourself what information you get from your employees, customers, and business associates that you need to run your business. Now, if you have important information on your computer (like customer contact information, bank accounts, the business's tax records, and so forth), back up the information to a disk or external drive and then put it in a safe place. I talked to a computer forensics expert recently. He said he is always amazed at the number of people who will burn the data to a disk and leave it in the disk drive of the computer or put it in the desk drawer. If the computer is stolen or a disaster occurs, the disk will go too. Also, back up the information, then restore at least one file or document and make sure the backup is good. Then put it in a safe place separate from your business or home (if you operate a home business).
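One way to carry out the "restore and make sure the backup is good" step is to compare checksums of the original files against the restored copies. This is an added example, not part of the original article; the function names, folder layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_restore(original_dir: Path, restored_dir: Path) -> dict:
    """Compare every file under original_dir with its restored copy."""
    result = {"ok": [], "missing": [], "corrupt": []}
    for src in sorted(p for p in original_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(original_dir)
        restored = restored_dir / rel
        if not restored.is_file():
            result["missing"].append(str(rel))   # never made it into the backup
        elif sha256_of(src) != sha256_of(restored):
            result["corrupt"].append(str(rel))   # restored copy differs
        else:
            result["ok"].append(str(rel))
    return result


def demo() -> dict:
    """Constructed sample: one good file, one truncated, one never backed up."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, rest = Path(tmp, "original"), Path(tmp, "restored")
        orig.mkdir()
        rest.mkdir()
        (orig / "customers.csv").write_bytes(b"name,phone\nA. Sample,555-0100\n")
        (orig / "taxes.txt").write_bytes(b"constructed tax record, full length")
        (orig / "payroll.txt").write_bytes(b"constructed payroll record")
        (rest / "customers.csv").write_bytes(b"name,phone\nA. Sample,555-0100\n")
        (rest / "taxes.txt").write_bytes(b"constructed tax rec")  # truncated copy
        return verify_restore(orig, rest)


if __name__ == "__main__":
    print(demo())
```

Run the comparison right after restoring to a scratch folder, before the backup media goes to its off-site location.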

7. Make a written plan today for what you will do in an e-emergency. 
Write a sample of the letter you will send to customers. Make a list of all programs on each computer. Make a list of who uses each computer and for what purpose. Look at all the information you collect and keep. Write down what you collect and why you collect it, why you keep it and how long it is kept. These are questions that will have to be answered if a security breach occurs.