Information-technology security becomes even more important when operating a business online. It’s critical to take the steps necessary to protect an online business against hackers who could steal vital information, or viruses which could bring your computer system – and your business — to its knees. Of course no system is foolproof. If someone is absolutely determined to break into your system, given enough time and money, they likely can. But it’s wise to put as many safeguards in place as possible, so that hackers will look for easier targets. What follows is a few steps security specialists recommend that business owners take to protect their systems.
1. Change default passwords and account names in place when your computer system was installed.Installing a machine or software out of the box without reconfiguring it for security is one of the most common security mistakes that online businesses make, but it’s one that’s easily corrected. Failing to make these changes makes it simple for hackers to gain access since they know or can determine what these original settings are.
2. Update your computer operating systems. Manufacturers upgrade security safeguards often. Sign up for the automatic updates that install security patches. Hackers often are on the lookout for systems that don’t have the latest safeguards. And look into anti-virus software, again with automatic updates. Software should also be put in place to block spam and detect spyware, the programs that can be surreptitiously installed from outside a computer system and feed sensitive information to the intruder.
3. Use encryption software to protect customers’ financial information from theft during transactions. Visa USA and MasterCard International Inc. require most businesses operating online to verify that they have taken a number of steps, including data encryption, to protect customers who use their credit cards. If you meet those requirements, your online operation is likely to be fairly secure.
Complying with the letter of those standards can be challenging for small businesses, which generally don’t have the resources or the security expertise of larger operations. So it can be a good idea to outsource payment processing to a company like eBay Inc.’s PayPal unit. Ensuring compliance for in-house payment processing can cost at least twice as much as outsourcing.
Encryption is also important for protecting a company’s internal information — personnel files, financial accounts and product information and other data. It can foil a hacker who has gotten into the company’s computer system but can’t decipher the information.
4. Limit access of sensitive information to those who need to see it. Special software can detect unusual patterns of activity in the computer system. There is also software that can monitor outbound communications to make sure certain information isn’t leaking out. For businesses whose employees need remote access to the company computer system, require more than just a user name and password to gain access — for instance, a token that displays a second password that changes regularly.
If these dangers don’t provide enough to worry about, a new concern is emerging about personal smart phones, mobile devices that can handle email and Web surfing. Private phones are more vulnerable to hacker attack than ones connected to a company network. A number of companies are introducing inexpensive mobile software that encrypts email traffic, or monitors phones for suspicious activity. While the threats have been minimal and more of an annoyance so far, they are something to keep an eye on.