Some tips for preparing for the inevitable security breach
As small business owners and entrepreneurs, we have to understand and embrace the dogma that it is not a matter of “if” but “when” you, I and everyone else will get hacked.
For this reason, entrepreneurs should prepare for rather than simply avoid cyber threats. Here are the few tips I have learned over the years to help that preparedness happen:
1. Take the threat seriously.
We are inundated almost daily by news about criminals hacking and stealing data from movie studios, major retailers, and even our most secure — or perceived as secure — government agencies.
While these incidents may lead us to believe that big companies are the targets for hackers, the harsh reality is that small businesses are at as much risk as large corporations.
McAfee, a leading provider of security software, recently reported that it had found that 90 percent of small- and medium-sized U.S. businesses do not sufficiently protect their electronic company and customer information.
This is a sobering statistic, especially when you consider that PwC (formerly PriceWaterhouse Coopers) estimates that breaches can cost small firms up to $100,000 to remedy and, larger firms, well into the millions.
And there’s more: Beyond data, how secure is your business’s banking and credit card information? Having your credit or bank account compromised can be a significant inconvenience and disruption to your business when the bank suspends your accounts as it investigates over the course of several days.
2. Avoid public wi-fi.
One of the easiest ways for hackers to collect your information occurs when you use unsecured wi-fi networks. Any official business, especially the kind that requires a login and password, should be done only through secure networks that you have set up. Mobile phone data networks are also secure — at least for now.
3. Set up (and pay attention to) alerts.
All banks and credit cards have alerts that you can set from a text when a transaction has exceeded a stated amount; or you can receive an email when your bank or credit card balance hits a certain level. This was actually how we caught the fraudulent activity on our Discover card.
Ironically, I know many business owners who receive notifications for sports scores, news and social media, but will not take the time to set up important business financial notifications.
4. Check your banking activity often.
Over the years, I have learned to consolidate my banking activities, both business and personal, so that I can easily check transactions once every few days and even daily when I have the time.
Services such as Mint or Quicken can also help you monitor transactions across all of your accounts and have great mobile apps you can use on the go.
5. Subscribe to an identity-theft service.
For a long time, I hated the idea that identify theft companies existed. I had always believed these companies used scare tactics to manipulate customer sentiment, which encouraged customers to sign up.
But it takes only one violation of your privacy to demonstrate the value these services have.
6. Tighten your password security.
Having a strong and unique password for each of your accounts is crucial, as well as a major pain. Consider instead a password “algorithm,” or a common password theme, that makes remembering all of your complicated passwords much easier.
Also, many apps for financial institutions now have fingerprint and facial recognition features, so take the time to set them up. And, when available, take advantage of more secure login protocols, such as two-step authentication, when accounts permit them.
All of these processes require more time and can be inconvenient, but no more inconvenient than spending hours on the phone remedying your accounts once you’ve been scammed.
7. Get your employees and vendors on board.
According to Cyrus Walker, CEO of Chicago-based Data Defenders, research demonstrates that approximately 80 percent of security-related incidents are a result of employee behavior.
For this reason, your employees need to be well trained about and aware of the threats to your company’s cyber security. Policies should be clearly stated within and throughout the organization.
Additionally, your vendors and other business partners, especially those with which you conduct financial transactions or share sensitive information, should be vetted and required to uphold stringent Internet security protocols.
Of course, not every vendor will be able to comply, but demonstrating your willingness to make cyber protections a priority will help lead and drive home its importance.
8. Consider insurance.
If your business transacts a significant amount of business through the Internet, stores sensitive information online or communicates electronically, it is probably worth discussing with your insurance agent the potential loss that could result from a major data breach in your company. Unfortunately, protection for the unforeseen cyber security threats is becoming as standard as liability insurance for company vehicles.
The message here is not to scare entrepreneurs into action. Rather it is to emphasize that while businesses probably can’t avoid breaches, they can certainly take great strides in preparing for the worst.