Protecting your business online

There are a number of risks that you’ll face in business – from cybercrime and loss of data. Safeguard your business from anything that may impact your survival and growth.

Watch out for warning signs

First, it’s worth paying attention to anything the seems out of the ordinary such as:

• Large unusual transactions from unknown buyers.
• Payment using many different credit cards.
• Rush orders or any type of unusual urgency from a customer.
• A high volume of transactions in a short period of time.
• A customer orders small amounts and pays on time (building trust), then places a very large order (which they don’t intend to pay for)

If you’re not sure whether a transaction is legitimate, implement a few extra steps to double check.

• Call the customer to confirm their order
• Use anti-virus/anti-malware programs
• Reject any order you’re still suspicious of, always trust your gut! If it doesn’t feel right, it probably isn’t.

Educate your team

Provide training and regular updates to help your team identify and prevent fraud and spot suspicious transactions. Make sure your team are aware of the consequences of fraud. Customers could be heavily impacted as they won’t have access to funds for an extended period of time and your business could be liable for purchases made on a compromised card.

Take care of your data

Your business data is possibly your most valuable asset. Imagine if all the information on your computers, laptops, and devices was wiped clean (either by mistake or by a malicious attack). Reduce the chance this will occur by:

• Only hold the customer data you need. The more information you hold, the higher your security risk.
• Regularly back up automatically and store your backups securely offline. You can then restore your data if it’s lost, leaked or stolen.
• Set up logs to record all the actions people take on your website or server. Set up alerts to notify you if an unusual event occurs. Make sure someone reviews the logs when an alert comes in.
• Create an incident response plan to help you get your business back up and running quickly if your business is targeted by cyberattack. Talk to your staff about the plan ahead of time.
• Select a cloud services provider who will provide the right services for your business. Check their data and security policies. Ask if they’ll do backups and if they offer two-factor authentication.

Check that your internal systems are well managed

Part of protecting your business online is putting in place procedures that are compulsory for all employees to agree to (often it’s best to put these conditions into employment agreements and flag non-compliance as serious mis-conduct). Consider asking staff to:

• Make sure anyone who logs in to your system must use multi-factor authentication. This means that everyone should use an additional factor such as a token (something they have) or biometrics (something they are) in addition to their username and password (something they know), to verify that they are who they say they are.
• Change default passwords and check for default passwords on any new hardware or software. If you find any default credentials, change the passwords.
• Be creative when choosing answers to security questions. Answers such as your real pet’s name and where you attended school can be easy for an attacker to discover with minimal effort. Choose unique and unusual answers that aren’t necessarily real.
• Create unique passwords for each account so if an attacker gets hold of one of your passwords, they can’t get access to all of your other accounts.
• Don’t give out personal information. Legitimate-looking emails are very clever at trying to trick us into giving away personal or financial information. Stop and verify that the email is truly who it claims to be from. When in doubt, call the sender using a known legitimate phone number to verify any emails that may look suspicious.
• Be smart with social media. What you and employees post on social media can give cyber criminals information that they can use against you. Set your privacy so only friends and family can see your details.

Protect your financial information

While you could survive a cyberattack which disrupts your business, it might very likely still be embarrassing, annoying, and time consuming to remediate the effects of the attack. But if your finances are impacted, the impact is even greater.

Reduce the chance of financial loss by:

• If you need to pay a new supplier, or to change payment details for an existing supplier, verify the information with the supplier by contacting them by phone or text before you approve any payments. Do this for any unusual or unexpected requests.
• Check bank statements regularly as that could be the first tip-off that someone has accessed your accounts. Call us immediately at 800-244-7592 if you see something suspicious.
• Obtain a recent credit report annually to verify that there are no loans or credit lines listed for you that you did not open yourself.
• Monitor your network and install regular software updates and security patches to stop attackers from getting access to your business network through known vulnerabilities.
• Install and maintain updated anti-virus software on all business devices that access your sensitive data. This will protect your systems from malicious software that could result in a compromise. Purchase antivirus software from a reputable company and run a scan of your data regularly.
• Configure network devices like firewalls and web proxies to secure and control connections in and out of your business network.
• Always utilize a VPN that uses two-factor authentication if you need to access your business data from a public wifi hotspot. These access points should be considered untrusted as they are shared with other unknown individuals who could feasibly eavesdrop on what you are doing.

Summary

Like most things in business, prevention is better than a cure; a little planning now could save you a significant financial cost in the future.

If you, your friend, or your business experiences an online security incident, report it.