Web Security: Are You Safe?

web securityAs 2017 begins to unfurl before us, one thing retailers know for certain is that cyber crime — and the need for cyber security — has only grown in scale in the past year.

In 2016 we not only saw web security hacks impacting large university systems like the University of New Mexico, but also witnessed online giants like Bitcoin and Yahoo being plagued with data breaches and malware attacks impacting more than a half billion users.

As a small business owner without a million dollar IT budget, how do you keep YOUR online business data secure?

1)      Understand the potential breach access points. If you or one of your staff routinely downloads online documents via emailed orders, understand that contaminated documents that contain malware is one of the chief methods hackers use to gain access to your network. One simple step to take is to make sure that your entire staff is trained to spot any suspicious looking email. Obviously if you are not in Ireland and have not entered the Irish Lottery, if you receive an email with an attachment telling you that you’ve won, all you need to do is download the attached instructions, this email should be an immediate suspect for malware or a Trojan virus. If however, you receive an email that looks like it is legitimate, be sure to have your staff check not only the name of the sender, but look at the recipient’s email address too. Hackers frequently access email accounts and send an email that may have one name in the sender info, but if you look closely, you’ll see the email address does not match the sender’s name and is, possibly, malicious.

2)      Weak Passwords. We’ve all heard the horror stories of people using 123456789 as their password, or even more common, “PASSWORD” or Passw0rd.” Common hacking schemes now include an automated password checker that accesses an email account by trying out various words in the dictionary. This means if your password is a simple word made up of only letters and no numbers or symbols, like ‘inventory,’ for example, hackers may eventually hit upon that password and get into your account. Using passwords that are a combination of upper and lower case letters, numbers and punctuation symbols are much harder for hackers to crack and keep your data secure. Be sure everyone on your team follows this protocol as well and periodically change the passwords to your main accounts. Restricting access to only those members of your team who need to get into your data is also a good idea.

3)       Software and site configuration. When was the last time you had your IT team take a look at your overall system? Checking to make sure all your software and any related applications are up-to-date is key. Old software may contain programming ‘holes’ or bugs that hackers exploit and use to potentially gain access to your data. Keeping your systems and software up-to-date, as well as using a well-known virus protection package like Norton® or McAffe®, go a long way to mitigate the risk to your company.

4)      Encryption. If you process online payments then you know all about having to stay PCI complaint, and using encryption software is required. If you don’t want to be drawn into the myriad requirements involved in compliance, you may outsource your payment transactions to another provider like EBay’s PayPal®, where encryption and financial account security is part of their service. Outside of financial transactions, using an encryption software package to protect your human resources files and inventory systems is also another measure to take to add a layer of protection to your business.

No matter what size your business or how deep your IT budget runs, taking a periodic look at your security measures is a good idea. Technology advances move at a ferocious rate and unfortunately, those with malicious intent are keeping up with the pace. In order to keep your business up to the mark, make it a point to review your business security measures this month and start the year on a prosperous – and secure – footing.