Small Business and Startups: 5 Threats to Your Online Security

How often do we read about online security breaches, loss of data, or massive credit card theft? While these events typically involve larger companies or even governments, all businesses are vulnerable to fraud, theft, malice, or just plain mischief.

Most small businesses assume that only larger companies are at risk for security breaches. But over the last several years, small businesses have increasingly become the target of hackers and fraudsters. It is essential that every business, particularly an online business, protect itself and put resources in place to offset these threats.

The key to any successful business is simple: grow revenue, reduce expenses, and prevent loss. Insufficient attention to your company’s security can quickly decrease your effectiveness in all three areas.

A security breach can shut down your e-commerce, reducing your revenue; lead to unplanned expenses due to infrastructure damage; and create losses from fraud or theft that may have been avoidable.

Securing a business is a complex undertaking, and every business will have different needs and approaches. Still, there is no arguing about the necessity.

According to SCORE, 77% of small businesses are aware of the potential negative impact of a security breach, yet 20% do not have any security strategy or solutions in place.

Here are five online threats to your business and some thoughts on how they can be mitigated.

1. Malicious Code. Denial of service attacks, malware programs, and hacking of all stripes represent a legitimate threat to SMBs. These malicious programs can bring large websites to their metaphorical knees, wipe out databases, and siphon funds from bank or credit accounts. Ensure that your software is up to date and that all current security patches are installed; install and use anti-virus and anti-spyware utilities; and finally, ensure that your systems are protected by a firewall, whether built into your network hardware or run as a software application.

2. Stolen or Lost Devices. If it can happen to the Department of Veterans Affairs or Apple (twice!), it can happen to your business too. Establish protocols for what data can be stored on any computer or device that leaves your office, travels with employees, or is used for remote work. Customer information, credit card data, and bank account particulars should never be stored on unsecured devices. Encryption protocols should be in place, and encryption software should be installed to help protect your data against a loss of this type.

3. Phishing. Every day someone at our company receives a very “official” looking email from a bank or a credit card company or an online service which they are registered with, asking them to please “confirm your password and account information.” The fact that we receive these emails is not surprising, but the fact that thousands of unsuspecting innocents respond to these scams with actual information is shocking and scary. Make your team aware of this type of racket and train them to report any suspicious request for sensitive information, whether personal or business-related.

4. Credit Card Fraud. Credit card fraud, the bane of any online business, and the losses it can lead to are a major threat to SMBs worldwide. Most merchant processors offer tools to fight or prevent fraud, but these tools are not effective, and at the end of the day the merchant will be held responsible for disputed payments or outright credit card fraud.

Because of this, e-commerce businesses must develop tools and practices to combat fraud in-house. This may mean developing a system to “flag” potentially fraudulent payments, asking for information that a fraudster might not have access to, contacting customers directly to confirm their payments, or building other preventive tools or measures. If you run an online business that takes credit card payments and have yet to run into this problem, just wait; I guarantee you will sooner or later.

5. Unsecured Wireless Networks. Hackers are looking for you as we speak. Some do this simply: they drive around your neighborhood looking for WiFi signals, and when they find a network that is unsecured, that is not using encryption, or whose owner never took the time to change the default password, they pounce. Your customer data, company records, and banking information are all vulnerable to the simplest of techniques for breaking into your system. At a minimum, your wireless network should use WPA encryption, but encrypting the data itself will provide even greater protection.
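
One way to build the in-house “flag” system described under item 4, as an added example that is not from the original article: a weighted rule check that routes each order to approval, a request for extra verification, or a direct call to the customer. The field names, rules, weights, and thresholds are all assumptions for illustration.

```python
from dataclasses import dataclass

@dataclass
class Order:
    order_id: str
    amount: float
    billing_country: str
    shipping_country: str
    ip_country: str           # country geolocated from the buyer's IP
    avs_match: bool           # processor's address-verification result
    cvv_match: bool           # processor's card-security-code result
    attempts_last_hour: int   # payment attempts from this buyer or IP
    first_order: bool

# (reason, weight, predicate). Weights and cut-offs are assumptions to tune
# against your own chargeback history.
RULES = [
    ("card security code did not match", 3, lambda o: not o.cvv_match),
    ("billing address failed verification", 2, lambda o: not o.avs_match),
    ("ships to a different country than billing", 2,
     lambda o: o.shipping_country != o.billing_country),
    ("IP country differs from billing country", 1,
     lambda o: o.ip_country != o.billing_country),
    ("repeated payment attempts within an hour", 3,
     lambda o: o.attempts_last_hour >= 3),
    ("large first order", 1, lambda o: o.first_order and o.amount >= 500),
]

def review(order):
    """Return (action, score, reasons) for one order."""
    hits = [(reason, weight) for reason, weight, test in RULES if test(order)]
    score = sum(weight for _, weight in hits)
    if score >= 5:
        action = "hold_and_contact_customer"
    elif score >= 2:
        action = "request_extra_verification"
    else:
        action = "approve"
    return action, score, [reason for reason, _ in hits]

# Constructed sample orders (not real data).
SAMPLE_ORDERS = [
    Order("A-1001", 40.0, "US", "US", "US", True, True, 1, False),
    Order("A-1002", 650.0, "US", "US", "CA", True, True, 1, True),
    Order("A-1003", 900.0, "US", "GB", "GB", False, True, 4, True),
]

if __name__ == "__main__":
    for o in SAMPLE_ORDERS:
        print(o.order_id, *review(o))
```

Keeping the matched reasons alongside the score lets whoever contacts the customer see why the order was held.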

Photo: The brigantine band of Agostino Sacchitiello, Wikimedia