A recent report published by the Association of Certified Fraud Examiners states that the median loss for fraud cases in businesses with fewer than 100 employees was $190,000 per incident. That’s a lot of cash for a small business with tight cash flow. To help prevent this from becoming an issue in your business and to build awareness, the month of October has been declared National Cyber Security Month.
As part of this month’s activities, Capital One Small Business is partnering with The National Cyber Security Alliance (NCSA) to educate small business owners about the risks associated with cyber crime. Here’s what the NCSA and Capital One suggest that small business owners do:
1. Conduct a risk assessment
To protect customer information, conduct an initial risk assessment of your small business's online and operating systems. This includes determining whether any sensitive information (anything that is critical to your bottom line, e.g., a customer database) is connected to the Internet. There are several components of a comprehensive risk assessment. Most importantly, small business owners should install updated anti-virus programs, anti-spyware programs and a firewall on all computers. Make sure to keep these programs, along with the operating system and software, up to date with the most current patches. In addition, ensure that all employees use effective, complex passwords. Passwords should be changed every 60 to 70 days.
2. Educate employees
It is essential that managers and employees have a basic understanding of cyber security, including company-specific procedures and overall best practices. Small business owners need to integrate a cyber security rollout plan within the yearly business plan. This plan should also include steps for measuring success.
3. Back up critical information
Make regular (weekly) back-up copies of all important data and information. Creating back-ups on a regular basis ensures that critical data is not lost in the event of a cyber attack or natural disaster. Store all back-up copies away from the office, such as on an external hard drive, and use encryption to protect any sensitive information about your company and customers from thieves and hackers. Encryption programs encode data, making it unreadable until the user enters a password or encryption key to unlock it. And don’t forget to test your back-ups to make sure they work!
4. Create a contingency plan
Small business owners should have a contingency plan in place in case the business suffers a cyber security attack. The contingency plan should include steps on how to continue business operations at an alternate location when necessary. This plan should be tested annually.
5. Sign a security agreement
Have all employees sign a security agreement in order to demonstrate that they are taking cyber security seriously and are active participants in helping to maintain a secure online environment. This agreement should also require employees to report any suspicious online activity or known Internet crime to the proper authorities.