How to Minimize Computer Fraud (for Small Business Owners)
Informed Employees are your first line of defense against hackers and data thieves
Computers are not "sentient" - they can't cry out for attention when they are being attacked (yet)! You can reduce the impact of cyber attacks on your business by educating your employees to be alert for the usual signs of a cyber attack: reduced performance, frequent error messages, slow or no responses to commands, degraded network performance, frequent crashes. Keeping anti-virus and firewall software up to date is a cost of doing business. Training employees to have their "eyes and ears" tuned to look for computer "irregularities" (i.e., fraud) will pay off when problems are identified and stopped early, before they turn into larger losses. Having good internal controls and a consistent policy for employees' personal use of computer assets will also keep your employees from becoming an internal threat to your business data. Don't allow personal software or employee-owned hardware on your networks. Fully screen anyone who gets physical access to data systems as a seasonal temp.
Systems backups and off-site storage
If disasters like Hurricanes Katrina/Rita and September 11th haven't convinced you to invest in backup/off-site data storage, consider where your business would be if you lost your main data product (customer lists, invoicing, etc.) due to computer fraud. With web servers and secure storage solutions you can keep an alternate copy of your data. Be careful: off-site storage, if not done regularly and securely, can ADD to your risk of loss. Again, before you trust your data to third parties, fully vet the company for reliability and trustworthiness. What will their liability policy cover? How long is data archived, and what will they do to help restore your systems? For the home business owner, have a UPS power supply and a copy of your master files in a secure off-site location (bank box or web-based storage service).
Strong Passwords and Encryption
DO NOT USE weak PASSWORDS: no dictionary words of any spoken language, no backwards words, no common dates or the word "Password." Use at least 8 characters, alpha-numeric random combinations with UPPER and lower case characters as well as special characters ([email protected]#$%^&*()+). Use a sentence to Help remember: In this case "[email protected]!" would be the password generated by the previous sentence (8 letters in the word "remember"). Again, well-vetted and well-informed employees are your strongest defense against computer fraud: you are only as secure as your LEAST trained employee. All passwords should be changed/updated after the departure of any key employees and at least quarterly. The use of encryption programs (PGP or others) is essential for protecting proprietary information, customer data, billing records and trade secrets. Failure to safeguard personal information can lead to legal liabilities.
The importance of encryption for critical business systems cannot be overstated.