If you keep any kind of digital information in your business, you have a chance of becoming a victim of a cybercrime. The odds have increased exponentially during the pandemic, with more cyberthreats and scams floating around than ever before. Below are some useful tips to reduce your chances of getting attacked from your favorite Orange County Bookkeeper.
Social Engineering
Social engineering is when thieves try to get your employees to provide confidential information via a phone call or email. You can reduce your risk here by developing procedures and training any employees that take customer phone calls for the business. Require them to ask for identifying information such as a pin or code, or simply prevent them from giving out any information over the phone.
Passwords
Passwords are terribly inconvenient but incredibly necessary. Almost everyone is guilty of using passwords that are simply too easy to guess. Here are some password tips:
- Avoid using dictionary words, even if the syllables are broken up in the password.
- Always use a combination of upper and lower case, and don’t just make the first letter uppercase which is too predictable.
- Include special characters, and don’t just use the exclamation point.
- Use separate passwords for everything, especially for banking apps, accounting apps, and social media apps which are frequently hacked.
- Make your passwords at least 12 characters. More characters will be needed each year.
- Use a password manager app to protect sensitive information. Team One Accounting uses the app “Last Pass” to securely save these intricate passwords. Not only are the passwords safe from cyberbullies, Last Pass allows you to keep all of your confidential information in one, easily accessible place! Ask us how it works.
Receiving and Delivering Information
If you deliver or receive information, it should be done safely and securely. One way to do this is to use a customer portal such as Box or ShareFile, where the information is securely stored in the cloud. Another tool used to safeguard information delivery is encrypted email.
Anti-Virus
All computer users should have anti-virus software implemented and active on their devices. Company procedures should dictate the settings as well as the brand to use.
Spam Protection for Email
Anti-spam software is also necessary to protect the device from bad links in emails. Users should be trained to detect and avoid phishing emails.
Malware Protection
Malware can be installed on your computer without your knowledge. To protect against these threats, avoid file-sharing when possible, be careful when visiting unknown websites, do not download software that you don’t recognize, and be selective in opening links in emails.
You may also need to protect your website from malware attacks by installing a firewall or other preventative solutions.
Software Releases
Stay current with all of your software upgrades. Upgrades can patch vulnerabilities, so you are safer with each new upgrade you install.
Data in the Cloud
Make sure any data that you have in the cloud is behind an acceptably secure technology solution. Today, this generally means files are stored with AES 256-bit encryption. You can also look for SOC1 and SOC2 certifications.
Need to Know
There are many policies that need to be developed for employees with regard to data handling. One example is providing data access to employees on a need-to-know basis. For example, an operations manager does not need the password to the payroll system, but the payroll manager does.
Reducing Business Risk
These items above are the tip of the iceberg when it comes to having good data security practices in your business. Develop an excellent set of policies, train and monitor employees, and set a great example yourself when it comes to this growing threat to your business. Your Favorite Bookkeeper is here to help! Ask Team One Accounting about our security operations.