This isn’t the first time we’ve discussed identity theft – and the role business owners and accountants play in preventing confidential tax information from falling in the wrong hands. At efile4Biz, we treat data security with the utmost seriousness and feature the latest, most sophisticated security measures to safeguard sensitive information.
While you can rest easy about the online processing of 1099s and W-2s on our site, are you aware of the broader issue of business identity theft? According to a 2014 survey by identity theft and fraud protection firm CSID, the number of cyber-attacks against small businesses climbed to 31 percent in 2013. Just as alarming, only 29 percent of companies with 10 or fewer employees are doing enough to protect against security risks.
Now more than ever, small businesses must be vigilant about strengthening their cyber defense. Here are the top seven risks -- and what you can do to better protect your business.
Remedy: A fully protected network demands a properly configured firewall and secure wireless connection. Keep anti-virus and anti-malware software up to date – something that many businesses overlook, even after they’ve gone to the trouble of installing software.
Remedy: Use Secure Sockets Layer (SSL) or another encrypted connection for receiving or transmitting credit card and other payment information. If a third-party vendor maintains your POS system, make sure it doesn’t use the same password for its other clients – and restrict remote access by the vendor. Also, avoid using this same system to browse the Internet, send email or access social media.
Remedy: While you can’t predict an employee’s behavior once he or she is working for you, there are certain steps you can take to weed out high-risk candidates when hiring. Once you have consent from the applicant, run a background check to review credit reports and/or criminal history. Take the time, too, to get at least two references and follow up with these contacts to verify previous employment information.
Remedy: Store essential paper documents and records in filing cabinets and rooms that you lock up when not in use – and only give keys to trusted employees. Choose only reputable cloud-based services for information you store digitally. Before throwing anything out, review the recordkeeping requirements for your business, then use overwriting software to delete digital files and shredding devices (cross-cut and micro-cut shredders are recommended) to discard paper files.
Remedy: All it takes is an employee accidentally leaving a laptop on a plane and you’ve opened the door to a data breach. Rather than have employees download work files on portable thumb drives and disks, allow them to work remotely through an Internet connection – ideally a secure connection, such as a virtual private network (VPN). Also, employees should report lost devices immediately so they can be wiped of all critical data.
Remedy: Store high-risk data on the fewest number of computers or servers as possible, and separate it from the rest of your data. Also, protect sensitive data with strong passwords that you change on a regular basis. These passwords should contain at least eight characters that are a combination of case-specific letters, numbers and special symbols. Finally, have computers and laptops return to the login screen after five minutes of inactivity.