By Dr. Tahereh Daneshi, Professor, Information Systems Management, DeVry University’s Keller Graduate School of Management
No matter the size of your company, the internet provides great opportunities to amplify business opportunities. At the same time, you must be prepared for endless cyber security threats to your business. By paying special attention to the security of your online business fronts, such as customer support, orders, payment card transactions and other activities on the web, you and your customers will be both better prepared and safer.
Ask yourself this question: Is it important to safeguard my physical store location? If the answer is yes, it is equally as crucial to secure your information assets on the internet.
According to the Federal Communications Commission, theft of digital information has become the most commonly reported fraud, surpassing physical theft. It is important to note that if faced with an attack, your business may be liable by the Federal Trade Commission if appropriate protections are not in place to secure confidential information and data for your employees, customers and business partners. Along with technical controls by your IT staff, protection should also include physical and administrative controls when protecting your resources.
Here are a few simple, cyber security tips that can help protect you, your employees and your assets. And, these practices don’t require any technical skills or an entire IT department.
Create Guidelines: Often, employees are able to do more harm to your network than outsiders. Through a user guide or employee handbook, stress the acceptable use of company resources including laptop, desktop, computer devices, wireless, network and the internet. Identify the consequences of any violations of policies in the use of these resources.
Use Safeguards: Secure all devices by utilizing automatic, locking screen savers.
Passwords are Key: Having a password policy for your employees is good practice. Utilize simple guidelines such as:
- Don’t share your password with anyone, not even with the IT staff. They won’t need to know your password in order to troubleshoot your computer.
- Don’t write down your password.
- Don’t share your computer with others while you are logged into it.
- Don’t use words in the dictionary as a password. It is best to get your password from a phrase that you remember. For example, pickup the first letter of each word in a phrase. If you choose the phrase, “Today Is the First Day of the Rest of Your Life”, your password becomes “TIFDRYL”. Notice that DRY in the middle of password is a word in dictionary. In this case, change the phrase to “Today Is the First Day of the Rest of My Life,” and the password becomes, “TIFDRML”, and it is more secure. Now make another modification to include numbers in your password “Today Is the 1st Day of the Rest of My Life”, the password becomes, “TI1DRML”and it is good to go.
- Use special characters. “$” could be used for “S,” “@” for “a,” and so on.
Limit Access: Employees should have access to data and information only if it is required by their job function.
Utilize Automatic Updates: Use applications and software tools that automatically load the new updates on all network computers and devices. Install antivirus products that automatically update with the latest upgrade.
The above steps are easy to implement for any small business, free of charge and with high reward. If you’d like additional information regarding securing your business, there are many free sources of information to protect your small businesses on the internet, including the following:
- OnGuardOnline.gov provides tutorials and how-to-videos with great security guidelines for small businesses
- The Federal Communication Commission created a great cyber security planner resource. The tool allows businesses to prepare a customized security plan by following the prompted steps.
- Both the Department of Homeland Security and National Institute of Standards and Technology have information regarding internet security.
Dr. Tahereh Daneshi is a professor of Information Systems Management at DeVry University’s Keller Graduate School of Management. She has more than twenty years of teaching experience in higher education and has authored and co-authored a dozen technical publications. Daneshi holds a doctorate in mathematics from Texas Christian University, a master’s degree in mathematics from Oklahoma State University and a master’s degree in computer science from Midwestern State University.Tags: cyber security, DeVry University, information security, Keller School of Management, small business, Tahereh Daneshi