Small Business Computer Security Basics
Don Draper, The Man In The Iron Mask – And 400,000 Consumers
It’s the thread that connects Alexandre Dumas’ The Man in the Iron Mask, the title character in The Talented Mr. Ripley, Don Draper’s back story in Mad Men – and an event scheduled for May 24, 2017, at the FTC.
It’s identity theft.
Ten years ago, the White House issued an Executive Order establishing the Identity Theft Task Force, co-chaired by the FTC. As ID thieves’ tactics morph and modify, public and private partners develop new strategies to prevent the crime and offer assistance to victims. Just one example is IdentityTheft.gov, a site the FTC introduced last year to help people create a recovery plan, complete with personalized paperwork to speed up the process of winning back their good name.
Now is the time to take a comprehensive look at how identity theft has evolved over the last decade and consider where we go from here. That’s the topic of a May 24th workshop, Identity Theft: Planning for the Future.
The FTC has released the agenda for the day. Panelists will talk about the shadowy dark web where stolen data is fenced, the effect that ID theft has on industries like financial services and healthcare, the impact the crime has on people’s lives, and resources available for victims.
Free and open to the public, the conference will take place at the FTC’s Constitution Center building, 400 7th Street, S.W., in Washington, DC. Registration begins at 7:45 AM and Acting Chairman Ohlhausen will open the event at 9:15. Can’t make it to DC? We’ll post a webcast link moments before the event starts.
Why should businesses be concerned about the nearly 400,000 reports of identity theft the FTC received last year? Because the fight against ID theft is an all-hands-on-deck endeavor and businesses have three key roles to play:
Small Business Computer Security Basics
If you’re running a small business with only a few employees, you’ve learned about a lot of things – accounting, marketing, HR, you name it. And you probably depend on technology, even if it’s only a computer and a phone. You can’t afford to get thrown off-track by a hacker or scammer.
Here are a few computer security basics to help your company, even if you’re the only employee. If you have employees, train them to follow these tips. If you collect any consumer information, also check out our advice about protecting personal information.
PROTECT YOUR FILES & DEVICES
Keep your software up-to-date. No matter what operating system, browser or other software you use, keep it up to date. Set it to update automatically so you don’t leave holes hackers can exploit.
Back up your files. No system is completely secure. Create offline backups of important files. That way, if your computer is compromised, you’ll still have access to your files.
Use strong passwords. The longer the better – at least 12 characters. Complexity also helps strengthen a password. Mix numbers, symbols, and capital letters into the middle of the password, not at the beginning or end. Don’t use patterns to lengthen a password. Never use the same password for more than one account, or for personal and business accounts. If you write them down, lock them up. Consider using a password manager, an easy-to-access application that allows you to store all your valuable password information in one place. Be sure to protect your password manager with a strong master password, and only use a password manager from a reputable company. Don’t share passwords on the phone, in texts or by email.
Turn on two-factor authentication. For accounts that support it, two-factor authentication requires both your password and an additional piece of information to log in to your account. The second piece could be a code sent to your phone, or a random number generated by an app or a token. This protects your account even if your password is compromised.
Don’t leave your laptop, phone or other devices unattended in public, even locked in a car. They may contain sensitive information – and they’re costly to replace. If they go missing, the information stored on them may fall into the hands of an identity thief. You also can turn on device encryption to encrypt all data on each device. This reduces the risk to sensitive information in case your device is stolen or misplaced.
Password protect all your devices. If you access your business network from an app on your phone or tablet, use a strong password for the app, too.
THINK BEFORE YOU SHARE YOUR INFORMATION
Protect account information. Every time someone asks for business information – whether in an email, text, phone call or web form – think about whether you can really trust the request. Scammers will say or do anything – or pretend to be anyone – to get account numbers, credit card numbers, Social Security numbers or other credentials. Scammers will rush, pressure or threaten you to get you to give up company information.
Only give sensitive information over encrypted websites. If your company is banking or buying online, stick to sites that use encryption to protect your information as it travels from your computer to their server. Look for https at the beginning of the web address in the address bar of your browser. Look for https on every page of the site you’re on, not just where you log in.
PROTECT YOUR WIRELESS NETWORK
Set up your router securely. If your small business has a wireless network, your "access point" is probably a cable or DSL modem connected to a wireless router, which sends a signal through the air. Your router directs traffic between your local network and the internet. Any device within range can pull the signal from the air and access the internet. If you don't secure your router, strangers could easily gain access to sensitive personal or financial information on your devices.
Use encryption on your wireless network. Encrypt the information you send over your wireless network, so that nearby attackers can’t understand your communications. Encryption scrambles the information you send into a code so that it’s not accessible to others. Modern routers offer WPA2, the strongest wireless encryption widely available. To protect your data, use it.
Wireless routers often come with the encryption feature turned off. You must turn it on. The directions that come with your router should explain how. If they don't, check the company’s website.
Limit access to your network. Allow only specific devices to access your wireless network. Wireless routers usually have a mechanism to allow only devices with particular unique Media Access Control (MAC) address to access to the network. If you want to provide free Wi-Fi for your customers, set up a second, public network – separate from the network for your business devices.
BE CAREFUL WITH WI-FI HOTSPOTS
If you’re on the go, Wi-Fi hotspots in coffee shops, libraries, airports, hotels, and other public places are convenient – but often they’re not secure. In fact, if a network doesn’t require a WPA2 password, it’s probably not secure. To protect your information when using wireless hotspots, send information only to websites that are fully encrypted – look for https on every page. And avoid using mobile apps that require sharing personal or financial information over public Wi-Fi.
KNOW WHAT TO DO IF SOMETHING GOES WRONG
Plan ahead so you know what to do if a hacker gets into your system. There are steps you can take to minimize the damage if you discover malware on your computers, that your email has been hacked, or even if someone takes over your system and demands a ransom to return control of it.
And if someone accesses personal or financial information that they shouldn’t, take steps to respond to that data breach.
Source: Federal Trade Commission
DAJK GROUP is the place where investors, business owners and entrepreneurs can research and find useful information, insight, resources, advice, guidance and inspiration for acquiring funds for their project, acquisition for their net lease commercial real estate, increasing their assets and running their profitable business.