Entrepreneurs can leverage Web-based technology to develop business models that are on par with large companies (and their much larger pools of resources), for a fraction of the cost. Despite its many benefits, however, Web and technology use can attract cybercriminals. Here are some simple Web security processes all entrepreneurs should incorporate to proactively minimize a business’s online vulnerabilities:
Be realistic about your risk
Just 45 percent of small-business owners that responded to a Travelers survey said cybercriminals are a concern, compared to 70 percent of larger businesses. However, as Forbes reports, nearly 20 percent of all cyber attacks hit small businesses with less than 250 employees. Perhaps more importantly, such breaches can prove devastating: Roughly 60 percent of small businesses close within six months of a cyber attack.
Start with the front lines
Despite your best efforts to incorporate firewalls and Web security software into your business’s systems, the innocent actions of your own employees and business partners can make it vulnerable. Instill internal Web security processes, including the use of regularly updated, strong passwords (no pet names, commonly guessed numbers, or Post-it notes with written passwords stuck to computer monitors). Require that employees who use mobile devices to conduct business (even for basic functions, like checking email) install and maintain security software on their device. Mandate protocols for how employees are to report lost or stolen devices used for business, including laptops, mobile devices, VPN tokens, USB drives and Wi-Fi cards.
Know the tricks hackers use
Though security experts recommend either employing an on-staff technology resource, or contracting the services of third-party security experts who can consistently monitor your business systems for potential threats, your knowledge can prove invaluable in proactively protecting your business. Just as you likely had to learn some new skills when you chose to become an entrepreneur, set a few minutes aside each day to educate yourself on Web security from the communities “in the know.” For example, TheHackerNews recently reported an Apple Safari browser vulnerability that hackers use to spoof legitimate Websites and lead users to malware-infected imposter sites. When you’re aware of the latest threats, you’re better equipped to ask the right questions of the experts you rely on for your Web security.
Don’t tempt with admin pages
Search engines seek to index as many pages as possible; it’s your job as the site owner to tell them otherwise. Knowing that many businesses may not take this extra precaution, hackers commonly scan for sites whose admin pages are indexed by search engines, because they’re an easy entryway to a business’s internal systems. Use the robots_txt file to prevent admin pages from being indexed along with a robots “noindex” meta tag for the page itself.
Take the time to make updates
Installing business-wide software updates can temporarily interrupt productivity — but many come available because of a known security issue. Every hour you wait to update security software is time your business is a proverbial sitting duck for a potential hack. Hit the “pause” button on operations to ensure that your systems transition to the latest and most secure versions of software as soon as they’re available for download.
Partner with reputable providers
There are many e-commerce providers and payment processors businesses can use to sell online, and accept customer’s credit and debit card payment on the Web and via mobile devices. While prices and service levels vary, the security protocols they offer are invaluable. Select a reputable provider that ensures end- to-end encryption and Payment Card Industry (PCI) compliant transaction processing — even if it’s not the lowest price option. Though even reputable providers aren’t perfect (Yahoo! reportedly paid a hacker $24,000 for detecting vulnerabilities in its Yahoo! hosted small-business Websites), those who are proactive in protecting your business will prove worth the cost.
If you use the Web, a computer, or a mobile device in your business operations, it’s at risk for a potential cyber security threat. These basic precautions can protect your business’s online security, in much the same way you would lock the doors and guard the keys to a business’s physical location.
Kristen Gramigna is Chief Marketing Officer for BluePay, a credit card processing firm. She has more than 20 years experience in the bankcard industry in direct sales, sales management and marketing. Check out Kristen’s Twitter profile here.