You’ve heard of Tupperware parties and maybe even Botox parties, but have you ever heard of an Internet safety party?
Theresa Payton, former White House CIO and author of “Protecting Your Internet Identity: Are You Naked Online?” is offering to host a customized version of these innovative events for Charlotte-based companies. Her cyber security consulting company, Fortalice, will invite you and your employees to their headquarters or come to you.
This novel idea underscores the growing importance of digital safety for companies of all sizes. Small business owners may think that they are too small to get hacked, but that could be a costly mistake.
“The first thing that I run into with business owners is, ‘Why would anyone even be targeting me? I’m so small.’ But just the fact that you’re in business makes you valuable. There are people who would love to use your business’s identity to hide behind in order to commit crimes or access your employee or customer data. And don’t forget your competitors might want to use your information to steal your customers,” said Payton.
According to Payton, the most important way to protect your business and customers is the education and awareness of your employees. Whether you have one employee or one hundred, staff members are your first line of defense. “Ignorance is not bliss in this situation,” said Payton.
Consider a visit to OnGuardOnline.gov, the federal government’s website on online security. The site is managed by the Federal Trade Commission and is a part of campaigns led by the Department of Homeland Security and the National Institute of Standards and Technology.
You can get a jump on IT security for your business in 2013 by clicking on the “Small Business” link on the homepage, which will take you to a selection of videos, articles, and resources for training employees. Be sure to check out the 20-minute interactive tutorial “Protecting Personal Information: A Guide for Business,” which outlines five key principles:
• Take stock: Conduct a thorough inventory of all the personal, sensitive, and confidential information that is collected by your business. Who provides information, how is it provided, where is it stored, and who has access or potential access?
• Scale down: Only collect and keep what you need. Start at the front end by eliminating unnecessary data requests from your forms. Unless there is an essential business reason for it, you can decrease your risk by not keeping credit card account numbers or expiration dates. Also, don’t use social security numbers as employee numbers or customer locators.
• Lock up information: Consider physical security such as locked file cabinets and office access. Train employees on logout protocols, strong passwords, avoiding email for personal data, and scams like phishing. Make sure any sensitive information that you transmit over public networks is encrypted.
• Use proper disposal methods: Keep a shredder onsite or use a document destruction service. Consider placing shredders next to printers and copiers to encourage good practices. And remember that simply deleting digital information may not be enough – use a wipe utility program before you get rid of that old hard drive.
• Plan for different kinds of incidents, such as being hacked or losing a laptop. Investigate possible security breaches immediately. If you suspect a computer has been compromised, immediately disconnect it from the Internet.
If it’s been a while since you’ve raised the issue of information security with your people, make a commitment to address the topic at the next opportunity. Even something as simple as letting your staff know that cyber security is on your agenda for the year will help to encourage more open communication.