Every day our businesses become more interconnected through the internet. E-commerce is a sector that has constantly grown year on year, even in times of recession. If your business does not have some form of online storefront, you still probably use the internet to communicate with customers and suppliers, or make purchases for your business online. Physical money is being used less and less, as more customers use electronic forms of payment that offer customers convenience and personal security, but this creates an opportunity for data theft.
As the world has become more technologically sophisticated, so have criminals, and your online activity can leave you vulnerable to attack. Law enforcement is also finding that the interactions we have on the internet can lead criminals to our physical addresses to commit more traditional crimes, such as theft and extortion. Sometimes a specific customer may be the target and your business will be used as a stepping stone to their home address. Breaches of data have cost some of the largest companies millions of dollars in lost revenue and bad press coverage and small businesses are not immune to the threats or costs.
Guarding our customers’ data has become more important as legislators have passed laws requiring not just the protection, but also the collection and storage of transaction data. Many businesses are underestimating the value of the data they may hold, not just their own, but also their customers. In the modern world, you can rob a bank from home with the right account details, or steal a person’s identity from a poorly defended Wi-Fi network.
Here are a few simple ways to protect your business, and your customers, from high-tech crime.
Change Your Passwords, and Change Them Often
This simple step is well known, but often underappreciated. Passwords can be easier to guess or steal than you may realize, and far too many people use the same one or two passwords for all of their accounts. At a business, a password may be shared openly between staff, sometimes as a necessity, and is easily overheard. Sometimes a staff member may leave and these passwords will remain the same, and this leaves a massive security vulnerability when a staff member is fired or made redundant.
Take the time to secure your passwords, and make changing them a regular part of your good business practices. Passwords should be changed at least once a month, if not more often, and they should be complex and random and not tied to special dates and names. If you have shared computers at your business, be sure to have a different profile for each staff member with login details unique to them and enforce regular password changes. This will dramatically increase your data security and also help you trace your workers’ actions on your computer system when investigating security breaches.
Keep Your Anti-Virus Software Up to Date
Every computer system should have anti-virus software installed which is kept up-to-date. Modern software should include tools that specifically target ‘spyware’, such as keyloggers. These are used to record every key pressed on your keyboard, every program opened and every website visited. Software like this can hide in your computer and transmit what it records to a criminal targeting your business. It can give them every login name and password, the contents of your emails and customer data silently. This information can even be transmitted ‘live’, allowing criminals to watch you work and gather specific data on specific customers or on time sensitive tasks such as banking and money transfers.
A high-quality anti-virus program will also offer a firewall. This monitors all web traffic to and from the computer, even if it is local, and blocks suspicious activity. Local web traffic is data being transferred over your network, either wired or over Wi-Fi. Criminals are increasingly targeting the internal networks of businesses; they don’t even need to be on your property, just in the vicinity of the Wi-Fi signal. With a connection to your network, possibly with login details from a disgruntled employee, then can access customer data and payment details, and maybe your accounts too. Sensitive information can also be used to try and extort money from a business, or your latest product development ideas could be held to ransom.
Keep Sensitive Data Offline
Keeping accurate records is a good business practice, and with tax reports to complete and legal requirements to hold transaction histories, you can soon find yourself drowning in terabytes of data. The programs we use often compress and encrypt this data which makes it hard to access and read, but this software is available to anyone, including data thieves.
Many businesses are using computers kept offline to store data long term. By physically transferring data on a USB drive or data disk to an offline computer, the only way the data can be accessed is to be physically at the PC. Another good solution is to keep sensitive information that is repeatedly used on a ‘USB stick’. This can become a ‘data key’ that must be physically present when performing tasks, such as accessing business accounts online. By routinely isolating data this way, you can protect yourself and your customers from online threats and concentrate on the dangers closer to your business.
Sweep for Bugs
Though you may think electronic surveillance devices or ‘bugs’ belong in a spy movie or a thrilling novel, the revolution in miniaturized technology has made high-tech spying available to anyone. Tiny cameras, often hidden in regular looking objects, are inexpensive and can provide high-definition streaming playback to anyone around the world. With a camera placed above a cash register or an electronic point of sale, a viewer could see a credit card’s full details and watch the security code be entered by your customer. Within minutes they could have a fully functioning clone of the card.
There are professional services to help you find electronic eavesdroppers, but these are often very expensive, and finding a device is easier than you might think. Have a look at this guide on how to find hidden cameras and listening devices and you could quickly determine if you have a silent spy in your company. Many of these types of devices transmit data over the internet and use your network to do so. If you see spikes in web traffic at quiet times, you may be under surveillance. Counter-espionage devices that can hunt cameras and recording devices have also become cheaper and more widely available and are sometimes a worthwhile investment, especially if your company has a lot of sensitive data and important customers. Your business may well be a target for data theft, or a physical break-in if your data and customers are valuable targets to a criminal enterprise.
Prevent Access to Websites on Your Network
If you provide internet access to your staff or customers, you may want to think about blocking certain websites or whole sections of the internet from being visited when using it. The world wide web has provided us with many conveniences and a wealth of knowledge, but it also offers distraction and entertainment of all kinds. If staff have access to the internet, especially from their cell phones, then it is a wise move for productivity alone to block some websites.
Many websites aimed at adults, or websites that offer illegal streaming of copyrighted content, have malicious software embedded within them. These act as ‘phishing’ websites, where criminals lure a user offering free content and access the connecting device while the consumer sits back and watches the show. Within minutes they can have access to your network and information that is stored on it.
When you also provide customers with internet access, blocking sites becomes more problematic, as you still want to provide them with access to some entertainment and games websites as well as social media. However, many customers will not expect access to the darker corners of the internet or adult entertainment sites, so you can still rein in some activity.
Businesses today are under more threats than they may know. It is not just our competitors we have to worry about, though they may well be the source of some surveillance, there are also opportunists looking for an easy take. By taking some simple measures and making protecting our computers, networks and data a part of our business, we can protect ourselves from the bad actors looking for victims.
Although no single measure or set of precautions can completely protect us, it is important not to present an easy opportunity. Criminals are lazy by nature; working for a living takes more effort than stealing from others, so it is important not to be the low-hanging fruit that is easy to harvest for the modern thief.
Keep your software up-to-date, isolate sensitive data and sweep for bugs and you will have already put barriers up between you and the criminal underworld. Your business is worth going the extra mile to protect.