Recent high-profile data breaches, locally and internationally, demonstrate that no business is immune to cyber crime. Keeping information out of harm’s way needs to be a top priority for all businesses, large or small.
The business world spends millions of dollars each year trying to keep its most valuable asset, information, from falling into the hands of cyber criminals. Yet, despite best efforts to prevent criminals from illegally accessing confidential information, cyber attacks are growing in sophistication and data breaches are continuing. If big organisations are still facing this threat, what can small businesses do to protect their identity and privacy online?
Here are some simple rules of thumb for protecting your information online:
- Keep your computer protected with the basics. Install anti-malware protection and keep it updated. Malware still poses one of the biggest risks to you and your information.
- Choose wisely with whom you share information online. If the website you’re using is the legitimate online presence of a company you would do business with in person, your risk is relatively low. If the online business doesn’t have brick-and-mortar stores, rely on its reputation and name recognition.
- If given the choice, never allow an online business to store your financial information. Forgo the ‘ease-of-use’ temptation of allowing an e-commerce site to store your financial information. Often, under the guise of convenience, companies will offer to store your information for future transactions. This information may be stored on the servers of the business, with their cloud provider, or hidden somewhere on your system, and you have no guarantee of its security.
- Don’t use the same user ID and password combinations across all systems and websites. Passwords can be the weakest link in the chain. Ensure a different password is used for each application. If you reuse a password and a hacker gains access to it, chances are most of your logins will be compromised.
- Start using second-factor authentication (also called two-factor authentication). A user ID and password on their own are referred to as single-factor authentication: something you know. Combining those details with something you have is called second-factor authentication, which substantially strengthens security and greatly decreases the likelihood of hacking. An example of second-factor authentication is a one-time password generator on your mobile phone, which many banks now use for large transfers to a new third-party account.
- Be careful of social engineering attacks. Never give personal information out if you have any doubts. Typical social engineering requests appear via email. These emails will seem legitimate and can sometimes fool even the most security-conscious. Never respond via email with personal information such as your tax file number, bank details, or other highly sensitive information.
These are by no means the only security rules to follow, but they’re a good starting point. The only way to fully protect yourself is to unplug completely from the electronic world, which is next to impossible in today’s society. Protecting your information and privacy online is about focusing on risk reduction and data protection, combined with a little common sense. By layering your defences, you give yourself the tools to reduce the threat.