Spreading security is good business
It is good to become known as a business that cares about the security and privacy of its customers.
This does take considerable commitment in time and resources. This commitment shouldn’t be taken lightly. It hasn’t been many years ago that business security meant having a mean dog. That isn’t true anymore.
The new crop of thieves doesn’t need to get inside your building. Businesses depend on computers and that has opened the door to intruders. We often read about computer hackers prying information from mega-sized companies. Symantec, a security firm, said 43% of all hacks in 2015 targeted small businesses, up nine percent from the previous year.
A few tips:
- Develop an internal policy to combat hackers. Train employees in those policies and regularly alert staff to those concerns.
- Keep software up to date. Check this story for details on a number of measures your firm should consider.
- Make customers aware of measures the firm is taking to protect them. They don’t need to know the details, but they should know enough so the company can be considered trustworthy.
- Reinforce the concern for privacy and security with promotional items that underscore your efforts. I’m sure you knew we would get to that.
Credit cards, ID cards, passports and other documents now have a chip with a tiny radio antenna. That’s great for storing information and may also be a source of information for thieves. There are RFID blockers to prevent the signal from going where you don’t want it to go. The options include small, low-cost sleeves, wallets (including phone wallets) and backpacks. We won’t be surprised to see apparel in the future with this feature included.
Security and privacy go beyond transactions
It might be good to highlight your security concerns with associated products.
Webcam covers fit over the camera lens of a laptop and now even phones and tablets. Sadly, hackers can access your webcam without your permission and view anything around your device.
Travel locks with TSA-security approvals allow a person to make sure the wrong people don’t open a bag. New key finders are electronic devices that don’t just help you find keys, they can also be attached to bags and other items, giving an alert if the item is being moved away from you.
A campaign to highlight security might also include distribution of child ID kits. These can be a comfort to parents and a helpful tool for law enforcement if anything should happen.
Hacking is an ever-present danger
We have heard those who claim their operations are too secure to ever be breached by never-do-wells.
Security professionals in government, at major retailers, at data processing firms, universities and anywhere else you can think of know better. Being a small business, small school or local government is no protection. In 2015 43% of all computer hacks targeted small businesses. Small businesses are an easy target because they may not have invested in the same levels of protection as larger firms.
Years ago there were efforts to hack systems just to prove it could be done. Today the hacks are more sinister – they are designed to steal valuable information, alter information or to disrupt someone’s operations. Consumers are as much victims as the targeted operation. Hackers have created viruses and similar intrusive software that will harvest data for long periods of time without being discovered.
Ignoring the danger isn’t an answer. Businesses need to be as prepared as possible and also have a plan in place if they are hacked. Below are just a few tactics. This doesn’t pretend to be a comprehensive list.
Before the hack
- Computer security must become part of every business plan.
- Whether an individual or a business, if you are replacing a computer, make sure the old hard drive is totally destroyed.
- Consult with a trusted source for appropriate security software. Make sure your firewall, anti-virus, anti-malware, application, network and operating system software is up to date. Hackers are working every day to find cracks they can exploit. Current advice is to have multiple layers of security.
- Consider two-factor authentication. This involves use of a password and perhaps a code texted to the user’s phone before access is granted.
- Continually train employees in avoiding dangerous practices. These could be as simple as not opening emails from unknown senders. As more employees work from home or a coffee shop, special efforts may be necessary to make sure the networks they link to are secure. Staff awareness is critical to protection.
- Some simple steps are annoying, but necessary. These include use of strong and multiple passwords that must be updated regularly, encryption of data and regular backups. IT people should hide admin pages so they can’t be indexed by search engines.
- Scheduling periodic audits of your system by a security firm is recommended.
- It may be advisable to use a third party to process orders with credit card information.
- Buy insurance to protect from financial losses incurred by hacking.
- Know that some security steps add inconvenience to your customers. Some recommend that removal of auto-fill removes a vulnerability if a device is stolen. Others find the odds of someone getting into the device to use auto-fill a very small risk. Convenience always comes at a cost.
- Use caution when selecting security software.
After a hack
Even with hacks being ubiquitous, a hack can ruin a business reputation. Be open with the public on what happened and have plans in place on how you will deal with a hack. Be ready to inform your customers immediately after discovery so they can take action. Your plan for a potential hack should include recommended steps for yourself and the customers impacted.
There may be legal reporting requirements with federal agencies who regulate your business, comply with those. You may also want to bring in a forensic team to dissect how the hack occurred. This could prevent future similar attacks and ensure that surreptitious data isn’t still being collected.