7 Tips for Guarding Your Business Identity Against Cyber Threats

7 Tips for Guarding Your Business Identity Against Cyber Threats

This isn't the first time we’ve discussed identity theft – and the role business owners and accountants play in preventing confidential tax information from falling in the wrong hands. At efile4Biz, we treat data security with the utmost seriousness and feature the latest, most sophisticated security measures to safeguard sensitive information.

While you can rest easy about the online processing of 1099s and W-2s on our site, are you aware of the broader issue of business identity theft? According to a 2014 survey by identity theft and fraud protection firm CSID, the number of cyber-attacks against small businesses climbed to 31 percent in 2013. Just as alarming, only 29 percent of companies with 10 or fewer employees are doing enough to protect against security risks.

Now more than ever, small businesses must be vigilant about strengthening their cyber defense. Here are the top seven risks -- and what you can do to better protect your business.

  1. Risk: Unintended disclosure, where someone in your business (or connected to it) posts private or sensitive company or customer information on social media sites.

    Remedy: Create a clear privacy policy that emphasizes the shared responsibility for protecting sensitive data – especially when it comes to activity on Facebook, Twitter and other social networking sites. Specify what employees can and cannot share about the business on these networks, and request that they use a different username and password than their work log-in.

  2. Risk: Hacking or malware, where unauthorized individuals access your computers or servers to steal or corrupt data.

    Remedy: A fully protected network demands a properly configured firewall and secure wireless connection. Keep anti-virus and anti-malware software up to date – something that many businesses overlook, even after they’ve gone to the trouble of installing software.

  3. Risk: Payment fraud, where information is stolen from a point-of-sale (POS) credit card or payment card system.

    Remedy: Use Secure Sockets Layer (SSL) or another encrypted connection for receiving or transmitting credit card and other payment information. If a third-party vendor maintains your POS system, make sure it doesn’t use the same password for its other clients – and restrict remote access by the vendor. Also, avoid using this same system to browse the Internet, send email or access social media.

  4. Risk: Bad employees, where someone working for you intentionally steals or leaks sensitive information.

    Remedy: While you can’t predict an employee’s behavior once he or she is working for you, there are certain steps you can take to weed out high-risk candidates when hiring. Once you have consent from the applicant, run a background check to review credit reports and/or criminal history. Take the time, too, to get at least two references and follow up with these contacts to verify previous employment information.

  5. Risk: Lost, discarded or stolen paper documents.

    Remedy: Store essential paper documents and records in filing cabinets and rooms that you lock up when not in use – and only give keys to trusted employees. Choose only reputable cloud-based services for information you store digitally. Before throwing anything out, review the recordkeeping requirements for your business, then use overwriting software to delete digital files and shredding devices (cross-cut and micro-cut shredders are recommended) to discard paper files.

  6. Risk: Lost, discarded or stolen mobile devices (such as laptops, smartphones, flash drives and CDs).

    Remedy: All it takes is an employee accidentally leaving a laptop on a plane and you’ve opened the door to a data breach. Rather than have employees download work files on portable thumb drives and disks, allow them to work remotely through an Internet connection – ideally a secure connection, such as a virtual private network (VPN). Also, employees should report lost devices immediately so they can be wiped of all critical data.

  7. Risk: Stolen computers or servers.

    Remedy: Store high-risk data on the fewest number of computers or servers as possible, and separate it from the rest of your data. Also, protect sensitive data with strong passwords that you change on a regular basis. These passwords should contain at least eight characters that are a combination of case-specific letters, numbers and special symbols. Finally, have computers and laptops return to the login screen after five minutes of inactivity.

Start using efile4Biz today

Free to try. You only pay when you're ready to file.