Even More Security Tips for Online Businesses
3: Manage Your Risk
You can decrease your vulnerability to cybercrime — or at least minimize the damage of an attack — with a few pretty low-tech precautions. They require some time and effort, but you should be able to do it without outside help. First, you need to be aware of all the information that your business contains, from the minor stuff to the valuable records whose loss would be devastating. Record where it's stored, exactly who has access to it, if it's connected to the Internet (which makes it more vulnerable) and what its value is to you.
Now you should be able to discern what information is in a secure place and what needs to be backed up, encrypted or moved to a safer spot. You might realize, for example, that you want a dedicated, stand-alone computer for your payroll program and banking activities. When you're done, you'll have a better handle on the next steps to fully secure your systems.
2: Dispose of Data Safely
When outdated computers are phased out or an employee leaves the company, you can't just throw the equipment into the trash and call it a day. You have to make a concerted effort to completely destroy all the data on that hard drive, whether the computer will eventually be junked or repurposed for another employee. Otherwise, you'll always wonder if that information could come back to haunt you someday.
Manually dragging files to the desktop recycling bin won't cut it, and bashing the thing with a hammer, a la "Office Space," probably isn't the most professional option. Experts recommend a one-two punch: "wiping" or "degaussing" combined with physical destruction via a hard-drive shredder or crusher. Wiping software replaces all the information on the drive with gobbledygook characters. The degaussing process demagnetizes the hard drive, rendering it completely useless. Not as much fun as smashing it to smithereens but much more effective.
1: Respond and Report
In the event that your company does experience a cyberattack, waste no time responding. Quarantine the equipment that might have been infected, and clean it out. Notify business partners and contacts who might have been indirectly affected by the attack. Figure out if any of your customers' payment information has been compromised. If you don't have IT staff, you should definitely hire a professional to analyze the problem and resecure your system.
You also need to report the incident immediately to local authorities, the Internet Crime Complaint Center and possibly the FBI. You might want to just forge ahead and put the whole ordeal behind you, but reporting the crime will protect you and other businesses from further attacks. It'll help law enforcement gain clues about the perpetrators and how they operate. They might not be brought to justice immediately — or ever — but it's an important step.