Techopedia, the IT dictionary for computer terms and tech definitions, defines cyber-security as: “the preventative methods used to protect information from being stolen, compromised or attacked.” While it is generally considered to reference web or Internet security, it includes data entered from hard copy such as job and credit applications, account numbers and other information. Cyber-attacks are now a daily occurrence affecting over one million people each and every day. 43% of the attacks are aimed at small businesses.
Here are a few frightening statistics from the Ponemon Institute Research Report (June 2016). The average number of breached records ranged from five thousand to over one hundred thousand per attack. Obviously, there are fewer in a small company, but can anyone really afford to lose even one loyal customer? The average cost for each record breached is $221. Direct costs, such as notifying customers, contacting legal counsel, forensic and audit services and providing credit monitoring to those possibly affected, accounted for $76. The remaining $145 related to indirect but significant costs—loss of new customers, loss of valued long-time customers and loss of trust. First Data estimates that the cost of a data breach for a small business averages between $36,000 and $50,000.
Cyber-attacks fall into 3 major categories: malicious or criminal attacks, human error, and system glitches. Criminal attacks are usually the most difficult to find and the most costly. Keep in mind the intent of criminal attacks is to defraud. Keeping hidden is necessary. Computer glitches were the least costly and generally show up the quickest. Disgruntled employees can do considerable damage, but employees may also open email attachments or visit web sites on a company computer that they would not open at home.
When one considers how much data is required to carry on day-to day business functions, the loss potential is staggering. One thing I read in every article: After a breach, after the loss and notifications, every surviving business found the money to invest in cyber-security.
Cyber-security doesn’t have to cost a fortune. The following list is a brief look at basic coverage that doesn’t cost a lot but could save much. Some are more effective than others and so noted but they all work together to insure the safety of both your customers’ personal information and the business data you so carefully guard. Before you brush this off by saying “I never use computers!” let me remind you that you are in a world of many and if you do not use computers you are in the minority. Only 13% of US adults do not access the Internet. That means that the people who do business with you, the banks, vendors, customers, etc., are online. If you accept credit cards in your business, you have a computer in your store. If you are not using computers with the idea that your business is safer, you are wrong because you are not where your customer base is so you are losing customers. Remember only 13% of adult Americans are not online.
Here are some suggestions for a more secure business.
Install Antivirus Software. Buy a license for every computer or tablet used by the store. Do not use the free software. It may be just as effective, but it won’t look as good if you are breached as antivirus software you paid for. Also, make sure your antivirus software is set to update automatically. Whoever, turns on the computers in the morning should also confirm the firewall options are ON.
Train Your Employees. Hold regular meetings to stress company policies—even if there are only 2 of you. Talk about email and phishing scams and how to avoid them. Caution employees not to open emails that look off and never click on a link in an email from a bank or Credit Card Company. If the email is legitimate, it will also be available on the web site under notifications. Also, be careful of attachments. If you weren’t expecting to receive an email attachment from someone, call and ask the sender before opening or downloading if they sent it. Obviously, if your email antivirus software identifies a web site as malicious or dangerous, don’t continue to the site. Caution employees against downloading videos or pictures as these may hide “Trojan horse” viruses. Finally, if an employee quits or is discharged, immediately remove his or her access from your computer systems.
Back up You Files. Currently, criminals are using ransomware (software designed to takeover your computer memory until you have sent payment) to hold your data hostage until the ransom payment has been received. If you suspect a computer has been infected, unplug it from your system immediately. If you perform full regular backups, the infected machine can be wiped clean and re-loaded with only a week’s worth (day’s worth) of data lost (depending on how often you back up your system). While inconvenient, it is not devastating to recover from.
Use complex passwords and do not use the same password for multiple accounts. Passwords should be a minimum of 8 characters in length and should include upper and lower case letters as well as one symbol and 1 number. It need not be so complicated that it’s difficult to input. myDogis#1 is great, easy to type and easy to remember. Also, don’t ever include a list of passwords stored IN the computer. Put those on paper and store that paper in a safe, locked place.
Use a Secure System for credit card processing. Do not photocopy, hand write, or key-in to a terminal, or manually copy credit card information. While this is a common practice for phone orders, consider using a secure online payment system for these transactions. Your POS provider can assist you in choosing the safest method for processing these transactions. If your systems are compromised, keystroke loggers and other hacking tools can retrieve and copy manually entered information for later attacks.
Install Software & Operating System Updates when asked. Pop-up reminders to update your web browser or operating system (like Windows or OS) may seem annoying, but don’t ignore them. Keep operating systems and applications fully patched with the latest security fixes as they will help protect you from attacks. You can always go directly to the site for updates to operating systems or browsers.
Lastly, secure your hardware. That means don’t use unsecured Wi-Fi especially for banking. The Wi-Fi connection at the coffee shop or airport is convenient but not secure. Also, avoid using free USB drives from someone you don’t know. Do not leave a laptop or tablet with private information sitting around where someone could just pick it up and walk off. I am always amazed at the number of people who leave a lap top on top of a suitcase at the airport or lying in the front seat of their car.
Will following these steps protect your data from any attack? NO, but it will help. Criminals account for 50% of cyber attacks and they are looking for fast and easy. Even employees with a grudge are looking for fast and easy. This first line of defense will deflect many attacks but not all. Even if you have no computers in your store, your vendors, leasing agent and landlord, and customers as well as banks use the Internet and your information is passed from one to the other without your knowledge or control. Take steps to protect what you can now.
“Every breach you look at occurred because somebody inside did something they weren't supposed to do. Sometimes there's an accomplice, but most of the time, it's innocent.”