Capital One Small Business and NCSA Tips for Cyber Security
1. Conduct a risk assessment
In order to protect customer information, small business owners need to conduct an initial risk assessment of their online and operating systems. This includes determining if any sensitive information (anything that is critical to your bottom line, e.g., a customer database) is connected to the Internet.
There are several components of a comprehensive risk assessment. Most importantly, small business owners should install updated anti-virus programs, anti-spyware programs and a firewall on all computers. Make sure to keep these programs, along with the operating system and software, up to date with the most current patches. In addition, ensure that all employees use effective, complex passwords. Passwords should be changed every 60 to 70 days.
2. Educate employees
It is essential that managers and employees have a basic understanding of cyber security, including company-specific procedures and overall best practices. Small business owners need to integrate a cyber security rollout plan within the yearly business plan. This plan should also include steps for measuring success.
3. Back up critical information
Make regular (weekly) back-up copies of all important data and information. Creating back-ups on a regular basis ensures that critical data is not lost in the event of a cyber attack or natural disaster.
Store all back-up copies away from the office, such as on an external hard drive, and use encryption to protect any sensitive information about your company and customers from thieves and hackers. Encryption programs encode data, making it unreadable until the user enters a password or encryption key to unlock it.
4. Create a contingency plan
Small business owners should have a contingency plan in place in case the business suffers a cyber security attack. The contingency plan should include steps on how to continue business operations at an alternate location when necessary. This plan should be tested annually.
5. Sign a security agreement
Have all employees sign a security agreement in order to demonstrate that they are taking cyber security seriously and are active participants in helping to maintain a secure online environment. This agreement should also require employees to report any suspicious online activity or known Internet crime to the proper authorities.
If fraud or criminal intent is suspected, it should be reported to local law enforcement agencies or to the local Federal Bureau of Investigation, Secret Service, or State Attorney General’s offices. Moreover, some states require business owners to notify their customers if hackers or thieves could have had access to customers’ unencrypted personal information. One way to prevent Internet crime is by erasing all data on a hard drive before recycling or throwing away a computer.
The Capital One Small Business Resource Center web site (www.capitalone.com/smallbusiness) contains additional resources, information and tips for small business owners. Resources include free online business seminars, insights on creating a business plan and tips to help small business owners operate more effectively and efficiently.