It's not just small businesses which have moved online; it’s burglars. And they are out to gain access to your data and that of your customers. Here’s how to keep your assets safe and your personal details locked away.
When it comes to doing business online it can be easy to forget that you need to keep up with security. Online thieves aren’t necessarily after your products. They want to steal your identity and gain access to your bank accounts. Or gain access to the data of your customers so they can steal from them. Here is how you can protect yourself.
Start by making an inventory of any data you have that should be protected.
Think of online accounts and passwords, bank accounts, order data, customer financial records, lists of suppliers, documents, images and more. Knowing what you have will help you come up with an effective plan.
Include everything that is essential to operate your business - and don’t forget about your private life.
Once you have your assets in front of you, examine them and ask yourself a few questions. Where are you storing all your data? Is it safe there? Could someone else gain access? Could it become damaged or lost? If you lost your device or if it was stolen, would you be able to recover this information?
Keep in mind that there are laws in place that you must follow. For example it is illegal to leave customer records easily accessible on your computer.
Each region of the world has a set of data protection laws. Before you take any more steps, ensure you are familiar with the legalities.
Using cloud storage allows you you to keep a secure backup of your data online. Even so, make sure you have a password on your laptop, and don’t use automatic log in features. Sites which remember your password may save you time, but they'll also give thieves instant access if they steal your device.Click To Tweet
When it comes to public wireless networks, think twice before sending private documents or accessing bank accounts or other important websites. The available Wi-Fi hotspots such as libraries, hotels and coffee-shops could be compromised and allow thieves to redirect your connection without you noticing or to monitor your traffic to learn what you are doing and the details you are entering.
The very least you should do is to make sure to only access internet addresses which start with https via public networks.
Better yet to always use your mobile phone data or to use a Virtual Private Network (VPN), which allows you to securely connect via the public network to a computer in your office, from which you can then securely browse.
Always protect your computer and network from malware. This malicious software can allow others to access your computer and steal data from it, without you knowing.
A device without security software is a business with its door wide open and the security cameras turned off. You might not realize someone’s been stealing from you until it’s too late.
So install reputable security software on all your devices to safeguard your data and that of your customers and don’t forget to regularly update your systems.
By updating your computers and security software regularly, you can prevent others from overcoming your security.
Having all your information in one place is a recipe for disaster.
What would happen to your business if your laptop or phone broke, was lost or stolen?
The safest thing to do is store your data in a secure place in the cloud. That means storing it in an encrypted place online, where you can access documents securely.
ShopFactory for example stores the orders from your online store on your behalf in a secure and protected way in the cloud, meeting all relevant regulations.
So it doesn’t only secure the order data for you, but also on behalf of your customers, whose data you are also required to safeguard: Especially with the new General Data Protection Regulations coming into force soon in Europe.
Other data can be stored in the cloud using storage space provided by numerous companies. Essentially you store your files on your computer in a special folder, and the cloud provider automatically copies them online and stores them on a secure online drive, which has multiple copies.
Some Cloud service providers are Google Drive, Microsoft Onedrive, and Dropbox.
Storing information in the cloud means that if you lose a device, you won’t lose your data as well.
Replacing hardware can be costly, but can be survived. Losing essential data to run and maintain your business could knock you out of the game or at least set you back significantly.
At the very least make regular backups of your data and store it in a different place.
Don't share things like your your name, phone number, birthdate and email address publicly.
Impersonators could use them to access private bank accounts, records and documents. Never give out your passwords or information over the phone unless you know who you’re talking to.
When it comes to social media sites like Facebook and Twitter, keep your information on a need to know basis.
Don’t post your address, phone number, account details or social security number publicly. Identity thieves can use the information to bypass security questions.
Where possible, use two factor authentication or two step verification when logging into an account. This means usually that you will receive an SMS with a code or a number via a phone app, which you have to enter as part of a login.
Then only a user who has you password and your mobile phone can log into your account.
Always make sure to use a password to access your phone, and do not log into websites automatically.
Most phones automatically give access to contacts, email accounts and even log into websites automatically, making an unprotected phone an easy way to steal your data and your money. Even worse, a thief could lock you out of your many accounts, making it harder for you to resolve any problems.
That’s not even considering that you can now also pay with modern mobile phones.
Make sure you also implement two factor verification with your mobile phone service provider. Don’t allow them to change your personal details or to send out a new SIM card, unless you provide them with a special pass phrase, which they will ask you for, when you call them.
Otherwise a thief with access to your name, address and birthdate could gain access to your service provider account, ask for a new SIM Card and use your phone number to intercept two factor authentication messages.
Using cloud storage, you don't need to keep confidential files on your computer. But you should password protect your laptop and desktop computer, just like your mobile phone.
Again do not log automatically into websites, and do not store your passwords in a document on your computer, if you want to be safe.
Before you throw away or sell a computer or mobile phone, make sure you delete everything on it.
You can use a wipe utility program to overwrite the entire hard drive or format the drive. There have been cases of people buying devices and finding details from past users on them or having full access to their cloud accounts.
When you dispose of a mobile phone there are also a few steps you can take. Remove your sim and memory card, and reset the phone to its original factory setting to delete anything that’s on there.
Your email inbox might seem like a safe place. But it's an easy target for people trying to trick you. Sometimes, they ask directly for your personal or financial information. Other times, they might send you a link to a website which will install malware or steal access passwords from you.
Sometimes, these fake emails can be hard to tell apart from the real thing. They often steal the logos and banners from real businesses and banks to use in their emails. They might pretend to be your bank so they can steal your password or claim to have an attachment with an invoice you haven’t paid or a parcel delivery which is on the way to you.
Here are a few quick pointers to avoid getting fooled:
Once you have your computer protected and your documents out of reach, you need to keep an eye on them. Make note of who has access to what, and when. That way you can detect a potential security breach. It will also prevent employees seeing documents which are for your eyes only.
The majority of security breaches are accidental. They happen when people lose devices, or accidentally post information or private details.
When you’ve read this article, those are mistakes you’ll stop making.
But make sure to talk to your employees too, so they don’t become your weakest link.
Follow the eight steps in this article and you'll be keeping your business safe.
- Lena Klein