Business Security Tips

Business E-mail Compromise scam  (BEC)

BEC is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. Scammers pretend to be executives that send emails to employees who are then tricked into thinking the messages are legit and hand over sensitive information to the attackers. The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy. There are various versions of the scams

Establish cyber security rules for your employees

Establish rules of behavior describing how to handle and protect personally identifiable information. Clearly detail the penalties for violating cyber security policies.

Protect against viruses, spyware, malware and other malicious code such as Ransomware

Install, use, and regularly update anti-virus and anti-malware software on every computer used in your business. Such software is readily available online from a variety of vendors. Ransomware is malicious software that denies you access to your computer or files until you pay a ransom. The encryption method that ransomware uses is nearly impossible to crack, so ensure you have full backups offsite readily available

Educate employees about safe social media practices

Depending on what your business does, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be taught how to post online in a way that does not reveal any trade secrets to the public or competing businesses. This type of safe social networking can help avoid serious risks to your business.

Manage and assess risk

Ask yourself, “What do we have to protect? And, what would impact our business the most?” Cyber-criminals often use lesser-protected small businesses as a bridge to attack larger firms with which they have a relationship. This can make unprepared small firms a less attractive business partner in the future, blocking potentially lucrative business deals.

Download and install software updates when they are available

All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install such updates automatically.

Make backup copies of important business data and information

Regularly backup the data on every computer used in your business. Critical data includes word processing documents, spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly.

Control physical access to computers and network components

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft, so make sure they are stored and locked up when unattended.

Secure Wi-Fi networks

If you have a Wi-Fi network for your business make sure it is secure and hidden. To hide your Wi-Fi network, configure your wireless access point or router so that it does not broadcast the network name, known as the Service Set Identifier (SSID). In addition, make sure that passwords are required for access. It is also critical to change the administrative password that was on the device when it was first purchased.

Passwords Are Essential

The first suggestion is to “Create unbreakable passwords” for accounts related to your online presence, such as the domain registrar, hosting account, SSL provider, social media, and PayPal. While there is a lot of discussion about the need for better authentication schemes, passwords are still the main way to protect online accounts, making strong passwords essential.

Criminals can easily set up computers to cycle through random combinations to brute-force attacks. If the password is weak, this process takes very little time. A password manager is recommended to randomly generate strong passwords and to store them securely. If the service offers two-factor authentication, you should really take advantage of the extra layer of protection.

Website – Scan Your Sites

Websites can be infected with malware, just like your PC. Regularly scan your site for vulnerabilities and malware. Attackers can take advantage of vulnerabilities to infect the site with malware or inject malicious code to redirect visitors somewhere else.

Website – Update & Patch

Is your Web server regularly being updated and patched? It’s not just the server, though—your Website also needs to be regularly patched. If you used a popular content management system (CMS) such as WordPress or e-commerce platform such as Zen Cart, then you need to make sure you are updating your software regularly. Attackers frequently target plugins in WordPress, so installing patches regularly is a must. Check with your hosting provider or site maintainer to find out if all the software is being updated on a regular basis.

Website – SSL Certificates

Consumers need to trust you are a legitimate business, and SSL certificates help verify your identity. No site should attempt to collect personal information or e-commerce without a trustworthy SSL certificate to assure users their information is safe.

Website – Don’t Lose Control

No matter who you hire to work on your site, the business should always retain control of the domain name, SSL certificate, and actual Website. It’s all too common for business owners to hire someone to build their website, and when that person leaves, there goes the only person with access to the SSL, domain name, and hosting account. It’s harder to add people to the account or transfer ownership when the original account holder is not around.