SCORE Small Business Blog

Keep Yourself & Your Biz Safe

Malicious individuals are after your personal data and identity for their own use.  A security breach impacts individuals, organizations and communities. When online, keep this in mind: stop, think and connect.

Stop for a moment. Think before acting. Connect responsibly.

Phishing: Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email, seemingly from a reputable credit card company or financial institution, which requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Employees should know not to open messages or attachments from unknown sources. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, dangerous email.

Spyware Download: The words “spyware” and “adware” can be confusing, because they’re used to describe many different technologies. The two important things to know about spyware and adware programs is that 1) they can download themselves onto your computer without your permission when you visit an unsafe Web site or download an application you want and spyware is attached and 2) they can make your computer do things you don’t want it to do.

Sometimes that might be as simple as opening an advertisement or pop-up you didn’t want to see. In the worst cases, spyware can track your online movements, log your keystrokes (steal your passwords and compromise your accounts), and send copies of emails and other documents to third parties.

Social Media: The speed and visibility of social media makes for a fun experience and great entertainment, but it also creates an opportunity to embarrass yourself or others, jeopardize your employment or, worse still, compromise your safety or your identity. It is ultimately up to you to manage your digital identity on social media sites.

1. Review and use privacy settings.  Decide how visible you want your contact and profile information, photos, videos and postings to be, and then take the time to learn how to set the right level of control.
2. Decide how searchable you want to be.  It’s best to make it a conscious choice and set up your profile the way you want, rather than leave it to the default settings.
3. Configure your tweet settings.  You can restrict tweet delivery to those in your circle of friends or, by default, allow open access.
4. Keep all tagged photos private.  If you’d like to make tagged (named) photos visible to certain users you can choose to add them in the box under the “Some Friends” option.
5. Don’t share information that can help people steal your identity or locate you.  Exercise good judgment when posting and sharing personal information.
6. Check into your ability to opt-out with advertisers and third parties.

Connected Devices: Your company should have clear rules for what employees can install and keep on their work computers.  Make sure they understand these rules and abide by them. Unknown outside programs can open security vulnerabilities in your network.

Update Alerts: Keeping your computer updated and patched will provide an additional layer of security for your system, and your personal data. Using out-of-date or defective software can leave your computer open to infection or attack, so it is essential to be vigilant in the update process.

Each computer runs on a specific operating system (OS) that houses the vital components that allows your computer to work.  The three most well-known operating systems are Windows XP and Vista, Macintosh OS X and Linux.  Much like the specific programs your computer runs, online criminals and hackers launch specific attacks against computer operating systems for personal gain.

In order to keep step with these types of attacks, OS manufacturers issue regular updates (or “patches”) that fix specific problems or vulnerabilities in the OS.  These updates are primarily “pushed” to the computer user, meaning the computer automatically receives and downloads those fixes.

Password Protection: Choosing the right sorts of passwords, changing them routinely and keeping them under wraps are among the easiest and most effective things your employees can do to protect your data. Use startup passwords to prevent thieves from easily accessing your data. Make sure to choose a strong password that would not be easy to guess. Drawing a blank on what to use? Consider a favorite saying or line from a song and use the first letter of each word. Adding capital letters and/or numbers will help to strengthen the password even more.

Physical Protection of Devices: A minor distraction is all it takes for your laptop to vanish. If it does, you may lose more than an expensive piece of hardware. The fact is, if your data protections aren’t up to par, that sensitive and valuable information in your laptop may be a magnet for an identity thief.

1. Treat your laptop like cash. If you had a wad of money sitting out in a public place, would you turn your back on it—even for just a minute? Would you put it in checked luggage or leave it on the back seat of your car? Of course not! Keep a careful eye on your laptop just as you would a pile of cash.
2. Keep it locked. Whether you’re using your laptop in the office, a hotel, or other public place, a security device can make it more difficult for someone to steal it. Use a laptop security cable: attach it to something immovable or to a heavy piece of furniture that’s difficult to move, such as a table or a desk.
3. Keep it off the floor. No matter where you are in public—at a conference, a coffee shop, or a registration desk—avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you’re aware of it.
4. Use a non-descript carrying case. Use a form fitting sleeve to protect the laptop and carry it in your briefcase, backpack or tote. If using something with a zipper, consider adding a small lock to the zipper to keep hands from easily reaching in to the bag.
5. Keep your passwords elsewhere. Remembering strong passwords or access numbers can be difficult. However, leaving either in a laptop carrying case or on your laptop is like leaving the keys in your car. There’s no reason to make it easy for a thief to get to your personal or corporate information.
6. Backup important data before traveling. No one wants to think about losing their data, but a few minutes spent backing up your files will protect you later.
7. Write it down. Make note of your laptop’s serial number and keep it in a safe place. This will help the police to return it to you should it be recovered.
8. Mark it. Engrave your name and phone number on the laptop case or affix a permanent asset tag. These permanent forms of identification will help police to return the laptop to you if found and will make it just a little harder for thieves to sell your laptop to unsuspecting buyers.
9. Finally, if the worst does happen and your laptop is stolen, report it to local authorities immediately. If it was a business laptop, also notify your employer.

SCORE Association, SCORE
View more posts by SCORE