Small Business and Startups: 5 Threats to Your Online Security

How often do we read about online security breaches, loss of data, or massive credit card theft? While these events typically involve larger companies or even governments, all businesses are vulnerable to fraud, theft, or other forms of malice or just plain mischief. Most small businesses assume that only larger companies are at risk for security breaches, but over the last several years small businesses have increasingly become the target of hackers and fraudsters. It is important that any business, particularly an online business, protect itself and implement resources to offset these threats.

The key to any successful business is simple: grow revenue, reduce expense, and prevent loss. Insufficient attention to your company’s security can quickly decrease your effectiveness in all three areas. A security breach can shut down your e-commerce, reducing your revenue; can lead to unplanned expense due to infrastructure damage; and can create losses from fraud or theft that may have been avoidable. This is a complex undertaking, and every business will have different needs and a differing approach, but there is no arguing about the necessity: according to SCORE, 77% of small businesses are aware of the potential negative impact of a security breach and 20% do not have any security strategy or solutions in place. Here are 5 online threats to your business and some thoughts on how they can be mitigated.

1. Malicious Code. Denial of service attacks, malware programs, and hacking of all stripes represent a legitimate threat to SMBs. The embedded programs can bring large websites to their metaphorical knees, wipe out databases, and literally siphon funds from bank or credit accounts. Ensure that your software is up to date, and that all current security patches are installed; install and use anti-virus and anti-spyware utilities; and finally, ensure that your systems are protected by a firewall, whether installed with your network hardware or via a software application.

2. Stolen or Lost Devices. If it can happen to the Department of Veterans Affairs or Apple (twice!), it can happen to your business too. Establish protocols for what data can be stored on any computer or other device that leaves your office, travels with employees, or is used for remote work of any kind. Customer information, credit card data, and bank account particulars should never be stored on unsecured devices. Encryption protocols should be in place and encryption software should be installed to help protect your data against a loss of this type.

3. Phishing. Every day someone at our company receives a very “official” looking email from a bank, a credit card company, or an online service they are registered with, asking them to please “confirm your password and account information.” The fact that we receive these emails is not surprising, but the fact that thousands of unsuspecting innocents respond to these scams with actual information is shocking and scary. Make your team aware of this type of racket and train them to report any suspicious request for sensitive information, whether it is personal or business-related.

4. Credit Card Fraud. The bane of any online business, credit card fraud and the losses it can lead to are a major threat to SMBs around the world. Most merchant processors offer tools to fight or prevent fraud, but at the end of the day the merchant will be held responsible for disputed payments or outright credit card fraud, and these tools are not terribly effective. Because of this, it is essential that e-commerce businesses develop tools and practices to combat fraud in-house. This may mean developing a system to “flag” potentially fraudulent payments, asking for information that a fraudster might not have access to, contacting customers directly to confirm their payments, or building other preventive tools or measures. If you run an online business that takes credit card payments and have yet to run into this problem, just wait; I guarantee that sooner or later, you will.

5. Unsecured Wireless Networks. Hackers are looking for you as we speak. Some do this simply: they drive around your neighborhood looking for WiFi signals and, when they find one that is unsecured, or that is not using encryption, or whose owner never took the time to change the default password, they pounce. Your customer data, your company records, and your banking information are all vulnerable to this simplest of techniques for hacking into your system. At a minimum, your wireless network should use WPA encryption, but encrypting the data itself will provide even greater protection.

Photo: The brigantine band of Agostino Sacchitiello, Wikimedia