If your small business works with sensitive information or takes payments, cyber security should be a top priority. However, it may also seem that cyber security can be a huge expense on your business. Yet, protecting your information and that of your customers is key to maintaining trust with your clients over the long haul. Therefore, in some respects, cyber security is a key part of your marketing, sales and brand building. What are some of the keys to securing your business? Here are 5 keys to secure your business that can help to keep moving it forward.
Best Practices for Taking Payments
When it comes to taking payments, you are in a position to have critical financial information about your clients. Therefore, it is important to work with your bank or financial institutions, as well as your card processors, to be sure that you are using the most trusted and validated tools. Additionally, consider adding anti-fraud tools to your mix. Your bank or card processor may also impose supplementary security features or obligations.
Another point is to isolate payment systems from any programs that might not be as secure. You might even want to consider putting your payment systems on a separate computer. It is also important that the computer being used to take payments is not used to access the internet.
There is also a big change that is sweeping the banking industry and that is the secure chip technology, which has been deemed much more secure than a magnetic strip payment cards. Therefore, you will need to make sure that you are complying with the new regulations that would apply to your specific business. Check with your card processor to determine if you need to upgrade your equipment and plan for those additional costs.
Back It Up
When it comes to sensitive data, it is important to remember that backing it up is key. You need to make sure that backups occur on a daily basis and more frequently if necessary. Set up a policy to define the documents and data that would qualify as necessary to be backed up based on your specific business. Some of the documents that might fall into this category can include word documents, electronic spreadsheets, databases, human resources and their files, financial files and any parts of the accounts payable and receivables. In fact, it might be important to make sure that your accounting files are separated away from the main group of data and additional firewalls put in place.
Copies of your backup need to be completed and then put offsite, either through cloud storage or by means of a hard copy being placed into a safe deposit box or other option. Backups can even occur automatically, especially if you are using a backup system based on the cloud.
Control Access to Your Systems
Prevent access or use of business computers by unauthorized users, even if they are visiting your offices for a business purpose. The reason is that the more access individuals have to your computers, the more likely a cyber theft can occur. Laptops are easy to have stolen or lost, so it is important that each employee have their own account on the system and that they meet a strict password requirement. Administrative privileges should be limited to specific key personnel, including members of your IT department. However, this information should not be widely available.
Mobile Devices – Have a Plan
The reality is that many of your employees have a mobile device and may use it to access your system. These can cause a significant management and security challenges for your business. Therefore, you need to require that users keep to your standard password requirements and change them frequently. They should also be required to install security apps to prevent theft from various cyber criminals, especially when the mobile device is on a public Wi-Fi network. There should also be a reporting procedure for any devices that are lost or stolen at any time.
Protect the Website
Your website is an important part of your interface with your clients. Therefore, you need to be sure that all pages are properly encrypted, not just the checkout process and a sign up call to action.
As you can see, there is plenty that can be done to compliment your ability to take payments and maintain the safety of your clients’ information in spite of the cyber thefts that occur on a daily basis.
Patrick O'Hara, EA