Reposted from my column in the Portland Business Tribune.
We’ve all heard about the cyber attacks on large businesses—including Home Depot, Anthem and Target—but small businesses are actually the most common targets of online scam artists.
According to StaySafeOnline.org, 71 percent of data breaches happen to small businesses, and nearly half of all small businesses have been the victim of a cyber attack. Visa Inc. reports that 95 percent of the credit card breaches it discovers are from its smallest business customers.
Criminals are attracted to small businesses for three reasons:
- Due to a lack of resources, they are less equipped to handle an attack.
- The information hackers want—credit card credentials, intellectual property, personally identifiable information—is often less guarded on a small business system.
- Small businesses’ partnerships with larger businesses provide back-channel access to a hacker’s true targets.
Protecting personal information should be a high priority for any business. A data breach is not just a financial problem; it also makes customers lose trust in a business. Your customers will stop coming to you if they don’t believe their information is safe in your hands. Among small businesses that suffer a breach, a staggering 60 percent will go out of business in six months, according to Experian.
To protect your business and your customers, it is imperative that you have safeguards in place as well as a plan for recovery in the event of a cyber attack. Consider the tips below, and read Better Business Bureau’s comprehensive guide on data security for businesses at bbb.org/data-security.
Minimize what you save. Don’t collect or keep any information you don’t absolutely need. When information is no longer needed, make sure it is destroyed responsibly.
Restrict access. Limit access to data to only the people who need the information in order to do their jobs. Sensitive electronic information should be encrypted, and portable electronic devices should be secured. Any paper records should be locked up when not in use.
Use strong passwords. Never use the default password provided by your IT person or service provider. Each computer user at your company should have his or her own unique password. Never use simple passwords such as your name, your business name, “12345,” “ABCDE” or “password,” and never use the same password for multiple accounts. Strong passwords include a combination of numbers, letters and symbols, and they should be changed every 60 days.
Block intruders. Use up-to-date antivirus protection and firewalls. Most antivirus programs will automatically update the software as new viruses and spyware become known, but you should also run a full scan for viruses and spam at least once a week. Make sure your Internet connection is secure, and keep any guest Wi-Fi networks completely separate from the rest of your networks. Be aware that personal websites, including social networks, can be a gateway for malware and viruses; use business computers for business-only purposes.
Share with caution. Use a secure connection, such as SSL technology, when transmitting data over the Internet. Do not transmit sensitive information via email unless it is encrypted. When mailing physical records, use a security envelope, request package tracking and require the recipient to sign for the package.
Back up information. Back up data on all computers automatically, or at least weekly, including word processing documents, spreadsheets, databases, financial records and human resources files. Store backups in a secure location that is offsite or in the cloud.