Last year, an employee of mobile messaging company Snapchat received an email from his boss, CEO Evan Spiegel, requesting payroll information about several staff members. The employee replied to the email with the information requested.
Only, the thing was, the email was a scam. Even though it looked totally legitimate, the CEO had not written it. The end result was that several Snapchat employees had their identities compromised. Snapchat had to send out a company-wide letter that said in part, “We’re a company that takes privacy and security seriously. So it’s with real remorse – and embarrassment – that one of our employees fell for a phishing scam.”
There is no shortage of sophisticated scammers and cybercriminals out there, just looking to separate you from your money, identity, data, and so on. Small businesses are an especially popular target these days and the federal government takes such threats very seriously.
One of the agencies tasked with keeping cybercrime at bay is the U.S. Federal Communications Commission. The FCC offers a lot of smart suggestions as to how small businesses should go about protecting themselves. Here are some tips from the FCC that all small business owners should keep in mind:
1. Train employees in proper internet security procedures: You need to come up with guidelines and policies regarding safe internet use at work – proper use of personal devices, procedures for downloading and updating software, etc. These rules then need to be disseminated company-wide.
2. Handle mobile devices the right way: The new way of doing business, called BYOD (Bring Your Own Device), presents the small business with some very real security challenges. How do you protect data on individual devices? The FCC suggests that employees “password protect their devices, encrypt their data, and install security apps.”
3. Control access to your computers and create employee user accounts: It is suggested that you take extra precautions to physically protect and safeguard tablets and laptops because they are most vulnerable to theft or loss.
Having strong passwords (which you should change every three months) and security software will also help ensure that, even if an unauthorized user gains access to one of your computers, they will have a difficult time accessing your data.
Additionally, the FCC states that “administrative privileges should only be given to trusted IT staff and key personnel.”
4. Limit employee access to information: The FCC says that no one employee should be given full access to all data and systems. Employees should only have access to the data and applications they need to do their job.
5. Set up a firewall: A firewall is a software system intended to prevent outsiders from accessing information on private networks. Employees who work remotely need to use firewalls as well, wherever they work.
6. Back up, back up, back up: The information on your company computers is the lifeblood of your business – customer accounts, financial files, records and data, and even credit card and social security numbers. That sensitive business information must be fully backed up and protected.