You own or manage a small business. You have business documents stored on the office server. You may have remote site employees taking customer information and orders on the road.

Maybe you even own a couple of patents or other intellectual properties, described in detail and stored in “the cloud.” Even if you’re a small start-up, you have valuable information – Social Security numbers, bank account numbers, PINs, proprietary software – assets that you want to protect from hacker attacks.

Here’s what the U.S. Department of Homeland Security recommends you do to keep business data secure from hackers.*

Start by training employees to think “security.” Your staff probably uses the same computer practices in the workplace that they use at home. Create an office security manual that lists simple security measures and sets forth the business’ best practices to protect against cyber-attacks. If you aren’t the cyber-security expert, hire one to train your team to be prudent online.

Update cyber security. First, install basic malware detection and protection software. Then, as you’re notified of updates, add these new security patches and other fixes.

Consider adding a hard-wired firewall to your office network. It’s not 100% fool-proof, but hackers look for easy targets. If they see security updates, and redundant layers of cyber-security in your office and on your website host servers, they tend to move on in search of an easier target.

Develop a mobi action plan before you’re hacked. More and more business is conducted using smartphones, tablets, PDAs and other mobile devices that link and sync with office computers and servers.

These devices may provide hackers an entry point into your sensitive data. Mobi (used by mobile devices for accessing Internet resources via the Mobile Web) is a security challenge. Is remote payment capture secure? Is data transmission heavily encrypted? Is each mobile device password-protected? Can you lock up your business smartphones just by calling them if they go missing?

What will you do if a data-rich mobile device does go missing? Who needs to be notified? Your bank? Customers and clients? And, how will you maintain operations if a computer virus is unleashed on your office network?

Store back-up files off-site. You can have automatic back-up, but if your system is hacked you may not be able to retrieve business info you need to conduct business. Cloud storage, or even back-up storage in a different physical location, is good protection. If the home office is attacked, you can still access company data stored securely someplace else.

Create individual accounts for each employee. One employee may need total access, another view-only access. Employees must log on using their individual accounts and PINs. Set usage permissions with the goal of limiting employee access. The fewer employees who can access sensitive business data, the fewer opportunities for breaches to occur.

Control physical access to computers and workstations. What’s to stop a mailroom employee from sliding an unattended tablet into the “out-going” mail pouch because that tablet will be going out at the end of the shift? You don’t know where it is, but you do know your data is at risk.

Secure office Wi-Fi networks. Check for signal leakage that can be picked up by “war drivers,” who patrol industrial parks with a laptop and antenna looking for leaking data they can exploit. Set your office network router to hide the office network’s name – its Service Set Identifier or SSID – when broadcasting data across the office or off-site. If you don’t know how to reset the office SSID, hire an IT professional to do it.

Regularly “clean” your office computers. Empty the cookie file and Temporary Internet File at least weekly. Take out the trash by dumping the contents of your system’s recycling bin.

Finally, bulk up user passwords. Again, each employee must have a separate password. Change passwords every three months according to DHS guidelines. Change passwords when an employee leaves the company.

Employ multi-factor authentication. Employees must log on using their own password, identify a picture, answer a security question, provide a full account number – in other words, make it hard to access company data.

To learn more about online safety, visit Nevada State Bank’s new web page with information on common online fraud schemes, their costs, and how you can help prevent them from happening to your business. Begin building your Layered Defense Approach before your business is affected.

*http://www.dhs.gov/sites/default/files/publications/FCC%20Small%20Biz%20Tip%20Sheet_0.pdf

 


The information provided is presented for general informational purposes only and does not constitute tax, legal or business advice.