Posted by Brian O. on Sep 9, 2014
I was visiting a store a few months ago that rented specialty medical equipment, picking up a wheelchair for a family member who had broken a foot. They had called in advance to reserve it, and when I went in the clerk started flipping through a notebook that had been lying on the counter. The notebook had just been sitting there when I walked in, and I noticed it while waiting for the clerk to come from the back room. After looking through it, he sadly announced that he couldn’t find the page where my mom’s credit card information was written down. This notebook, open to anyone who walked in off the street, was the exact opposite of customer protection. Needless to say, if anyone ever asks me a good place from which to rent a wheelchair, I’ll steer them elsewhere.
In our last article, we talked about why you need to protect your customers. With cybercrime on the rise, and with no business being truly immune from hackers and other criminals, it is important to keep the data of your customers secure. For one thing, it is a legal obligation, not to mention a moral one. After all, when you shop at businesses, you expect them to keep your private information, like credit cards or addresses, safe from criminals. At your small business, you should do no less. This will also help save a business from a reputation disaster. It’s the right thing to do and is good for business. Here are some tips for how to keep the information of your customers safe and secure.
Recognize the unique needs of your business
Your small business is like no other. This is both a sentiment worthy of a Babbit, with its boosterish charm, and also a very unsentimental fact. You have unique employees, unique customers, shipping routes, receivers, supplies, etc. You have your own business plan. You need a security plan that works for how you run your business, not how another business is run. For instance, do you have a small enough company so that every employee has multiple roles and access to many different aspects of your business? If so, you may need to figure out how to segment “need to know” from “know everything,” and how to compartmentalize without compromising efficiency. This isn’t a matter of trust. It’s just that when there are more access points, there is a greater chance for data to escape.
Train your employees to be secure
This can be difficult. After all, you already have to train your employees to do their job, all while balancing your thousand other responsibilities. It is easy to say, “Well, so-and-so will never be handling customer data except at the very front end, or not at all.” But the majority of employees in modern businesses have email, and thus have accidental access to your server. Train them to be aware of what may not be safe to open and appropriate procedures to keep their computer, and by extension your system, secure. A simple accident can destroy your data and your reputation. Keeping secure is no longer incidental to their jobs, but a vital part of it.
Be flexible and test often
Flexibility is important in any business. Consumer demands change, supplies fluctuate, and tastes alter on a bewildering basis. The same flexibility you need to keep ahead of the market is required in security. A plan that works one day may not work the next. Don’t assume that, because you have been secure for a while, that status will hold. Hackers and other cybercriminals are always coming up with new methods to break into a system. Constant testing and re-evaluation is the only way to stay ahead of the game. There is always the chance that you missed something.
Secure your Wi-Fi network
Sometimes it is the most obvious thing that trips us up. Your Wi-Fi network is probably the weakest link, one that can be exploited by nearly anyone, even someone without much skill in the way of hacking. Make sure your Wifi network is hidden, secure, and encrypted. Set it up so the network name isn’t broadcasted, and make sure it is password protected. Those are the first steps to having a secure Wi-Fi network.
If sharing files in the cloud, use a service you can trust
In any business, you are going to have to share your files and other data with colleagues, employees, and partners, both actual and prospective. Using data stored in the cloud makes this easy, but it also means it may be less secure. Use a service that restricts access to files and allows you to only share exactly what you want and with whom. A system that is password-protected and encrypted, that allows for ease of use while maintaining security, is the best of both worlds.
It’s easy to adopt a bunker mentality, and quail in the face of threats. After all, most small businesses didn’t expect these incredibly new challenges. But your business doesn’t have to shrink away or lock itself in a bunker. You can still innovate, and challenge both yourself and the market. If you take a few simple steps toward securing yourself, your business can thrive and operate without hearing a hacker in every unexpected beep.
Posted by Brian O. on Sep 4, 2014
When small business owners are thinking about data security, there should be two concurrent, but not entirely similar, concerns running through their mind. The first is: what if I lose everything? What if some kind of disaster strikes or my system is broken into and destroyed, and I lose all my information? All my data on customers, suppliers, shipping routes, invoices, payroll, what we owe, what is owed to us- gone, with the flickering sputter of a broken server. It’s why we recommend backing up your business data with an encrypted cloud-based storage system.
Posted by Brian O. on Aug 22, 2014
Between January and August of this year, UPS computers were infected with malware that compromised the security of 51 stores across 24 states, and exposed the personal data of over 100,000 customers to hackers. While UPS currently has the situation under control, it demonstrates once again that companies can’t afford the luxury of lax security. From big business to mom-and-pop organizations, no one is invulnerable.
Posted by Brian O. on Aug 21, 2014
Here’s a challenge: follow the news for even just a day without hearing about a company, organization, or government who has suffered a data breach. There follows the usual litany- the huge number of people affected, the ashen-faced promises that “the privacy of our customers/members/citizens is our top priority”, and then a too-often-unheeded urge for all of us to change our passwords to everything. It’s almost become background noise.
But, obviously, ubiquity doesn’t mean the danger isn’t real. And the danger doesn’t come only from hackers who have guessed your passwords or found a backdoor into your servers. You can lose data, or share it with the wrong person, or accidentally leave it somewhere for the whole world to see. It can be destroyed in a fire or lost in a flood (not just paper records- servers can be destroyed).
Posted by Brian O. on Jul 23, 2014
There’s always been a strain in human thought, social creatures that we are, that a higher calling would be a life of solitude. From Byzantine holy men like Simon Stylites sitting on raised platforms for years at a time trying to commune with God, to not-anywhere-near-as-ascetic pond-wanderers like Henry David Thoreau and those who followed, misinterpreting his message of solitude, we’ve always been fascinated by those who strike out on their own.
Of course, these days, that seems impossible. Even if you stake out land in the middle of nowhere, like if you were to buy a town in the Badlands of South Dakota, you’d still be able to be found, and would probably still be connected. You could be spotted on Google Maps and plugged into a navigator. You’d have tax records, business licenses- everything that makes us part of modern society.
Posted by Kalyani M. on Jul 18, 2014
Running a small business is about balance, and about making sure that money is going to the right areas. You have to decide what expenditures make sense, and which ones are just throwing money out the window. A classic example of this is advertising: is spending the money for a TV ad going to bring in enough customers to justify the cost? Or is it just spending money on what is essentially an expensive vanity project?
Another example is disaster preparedness. You want your business to be insured for everything, and to have a fully-detailed plan for a return to operation following a disaster, but plans, backups, and insurance are expensive, and they are merely for potentialities, whereas you may absolutely need a new delivery truck right now. So sometimes things like security are put off to the side, and then when something happens, it is too late.
The thing is, disasters do strike. And while we when we hear the word “disaster” we usually think of a tornado or earthquake or flood, these days your business is far more likely to suffer a data or tech disaster of some sort, whether that is losing everything due to server malfunction, or being hacked into and bled dry or robbed of your secrets. Any of these scenarios can cripple or destroy a small business.
Posted by Brian O. on Jul 16, 2014
Running a small-to-medium sized business is never easy. You have to worry about a lot of things- paying your employees enough to keep them happy, ensuring you have the right amount of supplies to make or sell your product, figuring out where to locate your business (doubly important if in retail), shipping, receiving, customer service, advertising- the list goes on and one. You can take some comfort in knowing that, through the long history of capitalism, twas ever thus- the problems are pretty much the same, even if they acquire modern trappings. You might get supplies from a truck rather than a mule, but it is essentially the same.
Except in the area of crime. Sure, there are shoplifters and unscrupulous middlemen, as always, but it is pretty safe to say that at no other time in human history did you have to worry that criminals thousands of miles away could hack into and destroy your business, robbing you blind. We’re not even talking about a scam artist- just a straight-up criminal, using cybercrime to reduce your bottom line to nothing.
Posted by Kalyani M. on Jul 3, 2014
Over the last few months, there has been a lot of discussion regarding the infamous Heartbleed security bug. This bug has affected almost half of all well-known websites and millions of Internet users. Heartbleed could be considered one of the biggest security threats in Web security history, because it exposes the contents of a server’s memory, where most sensitive user data is stored. This vulnerability allows anyone on the Internet to read the memory of systems protected by vulnerable versions of OpenSSL. By exploiting this vulnerability, any attacker can read sensitive personal information such as usernames, passwords, credit card numbers, and financial data. Also, it can compromise the private keys used for encrypting communication and identifying trusted sources on the Internet.
Posted by Kalyani M. on Jul 1, 2014
Protecting the confidentiality and integrity of patient records has always been the prime focus of healthcare industry. This is probably one of the reasons why industries took a long time to adopt cloud computing for healthcare records. As we know, security of data in the cloud environment has always remained under question. Healthcare industries store an awful lot of sensitive personal data, such as patient names, addresses, dates of birth, and personal medical records. Unauthorized access to sensitive medical records can have a significant negative impact on healthcare services. With healthcare data doubling every year, organizations need to invest in hardware equipment, and tweak databases and servers for storing large amount of data. Cloud computing is an effective and flexible alternative for healthcare companies to handle huge amounts of patient healthcare records.
Posted by Kalyani M. on Jun 26, 2014
Security is a very important aspect of any business. Each day, organizations deal with huge amounts of sensitive and critical data. Loss of corporate data due to data breaches can have a significant negative impact on businesses. In order to protect their sensitive data, organizations invest in many security technologies like firewalls, intrusion detection and prevention systems, vulnerability scanners, anti-malware systems, and much more. These devices generate log files that help information security professionals to research and analyze security incidents. Thus, log management becomes a key component in the security process. Continue reading…