If you’re a business owner conducting online operations, you’re subject to a number of online risks not typically seen by purely brick-and-mortar merchants. You’re protecting not only your business’ information, but you’re also responsible for protecting the data that your customers entrust to you. A data breach or hack can not only be costly to your business and reputation but can also be catastrophic to your customers. Knowing what the online risks are to your business – and how to best mitigate them – is critical for you as a business owner operating online.
There are several steps you can take you set up your business for security success. Many of these steps are simple to implement, even without having to hire professional IT services. Your customers expect their data to be secure. If your business is vulnerable, it’s not a question of “if” you’ll have a problem. It’s only a matter of when.
1. Control the access to your physical systems
The only people who should have physical access to your computers are the people who need that access. Depending on the devices your business uses, you might need to worry about more than just a computer in the office. Laptops, phones, and other devices can be stolen – along with all the information on them. Make sure that you protect that information by protecting the devices holding it. As a side note ensure “need-to-know” when it comes to handling customer information.
2. Control employee access to software or databases
Set up individual user accounts for each employee instead of letting everyone work on the same account. Only allow access to systems, databases, or information that is necessary for their job function, and block any ability to install software. Also, a good practice is to encrypt the data in the database, so even if breached the data can’t be read without the encryption keys.
3. Secure your Wi-Fi
One of the biggest things you can do to protect your business is to hide your Service Set Identifier or SSID. That means it won’t show up in a listing of available Wi-Fi access points, and that means it’s a little harder for an attacker to find. Put a password on it as well – a good one, such as a phrase of unrelated words that are easy to remember.
If you normally offer Wi-Fi access to your customers, you can create a guest account that’s open to the public or has a simple password for your clients.
4. Keep updates and backups current
Software companies use updates to patch security holes or vulnerabilities in order to downsize the online risks. So it’s critical that you keep your programs up to date. When possible, set your software to auto-update, and run anti-virus and anti-malware programs. It’s also a good idea to set a recurring date, whether monthly or quarterly, to go over your computers, phones, and other devices to make sure everything is up to date.
Backups are also an important part of any security plan for your business. Take some time to go over your critical information. This might include personnel files, databases, financial records, and anything else you wouldn’t want to be plastered on a billboard. Make backups regularly – nightly if possible – and keep them in a safe place. External hard drives, flash drives, or the cloud are excellent choices.
5. Train your employees in online security practices
Humans are always the weakest link in any security program. But a lot of that comes from simply not understanding what to do. No matter how much work you put into making your business safe in online operations, one wrong move by your employees can be incredibly costly. You can get the most out of your overall security efforts by making sure your employees are aware of basic security practices. Set up rules about email handling, and dealing with outside attempts to gain information. Enforce policies about appropriate Internet usage, and establish corrective actions for policy violations.
6. Use encryption for payment processing to minimize online risks
Most online payment processors such as Square, Stripe, PayPal, and others use bank-level encryption, so if you’re using those, you’re probably all set here. Don’t be tempted to use a smaller, or cheaper processor to save money – you might be cutting corners you aren’t even aware of. That can lead to an expensive data breach and the loss of your customers’ trust. As a rule of thumb, when transferring data online always use an SSL encrypted connection.
Don’t allow the computers you use to process payments to be used for anything but that. Often small businesses have a computer at their point of sale, but employees also use it for surfing the internet. When you set up their user accounts, block access to browsers through a firewall or software meant to lock down internet access to only the necessary functions.
7. Speaking of firewalls…
Make sure that your internet connection has firewall security. This is especially critical for employees who work remotely or travel for business and take their devices with them. Firewalls keep your data connection private and block outside connections from trying to access it. As we’ve just discussed, a firewall can also block certain internal connections from reaching the internet if you desire.
8. Secure your mobile devices
If you issue phones or tablets to your employees, you need to ensure that those devices are safe from a lot more than physical theft. Ransomware, for instance, can lock down critical information on the phone until you pay an exorbitant amount to the hackers. A virus or other malware can infect your whole system as soon as an affected phone connects to a laptop or other device on your network. To prevent catastrophe, make all of your employees encrypt their devices. Try to use best practices for security, and run a program that scans for malware often. This will lower the online risks you’ll run to.
Conclusion
Security can be a full-time job – and for large corporations, it is. Even entrepreneurs and small companies, however, can benefit from implementing the practices listed above. Even if they don’t employ IT security personnel. When it comes to protecting your business, prevention can incur a bit of cost, but many necessary programs either have free versions or are quite affordable. Even with costs incurred, with the potential consequences and reputation loss from a hack, security is a critical part of your business operations.
Latest posts by Bill Hess (see all)
- 8 Ways to Protect Your Business from Online Risks - December 25, 2017
