As a small to medium business, it’s important to remember that your clients are relying on you to provide a secure environment that keeps their most personal information safe. From a hacker’s perspective, however, here is what THEY are hoping you believe: “We’re small…nobody wants to hack us.” This is the #1 reason why people (companies) get hacked. They dismiss the importance of IT security because they’re only a “small business.” Even if you are a small business, you still need to provide top IT security for everyone, and that includes making sure you are protecting your clients’ data.
One thing is for certain: NO ONE is immune to cybercrime. In fact, one in five small businesses falls victim to cybercrime and that number grows every year. Plus, half of all cyber-attacks are aimed at small businesses because they make themselves low-hanging fruit with sloppy or non-existent security protocols.
Here is something to ponder: If you aren’t giving IT security the attention it deserves, how do you think your CLIENTS would feel about that? If for no other reason, you need to do it to protect your clients’ data, even if the only information about them you store is an e-mail address. If your system gets compromised, hackers will have access to your clients’ e-mail addresses and can use them for phishing scams and virus-laden spam. This could create a major problem for you and your clients. Imagine your clients’ e-mail being flooded with scams as a result of your system being hacked.
As a managed IT service provider, we are sure your clients want you to be a good steward of their information and privacy, so we can’t stress enough how important it is to take IT security seriously and put essential security practices in place for your business.
Here are a few other scenarios to watch for that could compromise your clients’ data:
Keep sensitive data off employee equipment
If a laptop is stolen, even a strong password will likely get cracked. Once the thief succeeds, any private data that is unencrypted, including your clients’ information, is free for the taking. One solution: keep sensitive data on a secure private cloud service, so it’s never on your employee’s hard drive in the first place. By storing this information in the cloud, you can immediately revoke access when a device goes missing. If you have an internal file server in your office, make sure it’s secured properly – talk to your IT provider and discuss options for shared folders for things like HR that only certain people need. You may have a q:\ drive for documents, an s:\ drive for accounting, and a p:\ drive for workflows and processes. Everyone can use q:\ and p:\ but only people who do accounting can use s:\. It’s simple stuff – but think of the possible damage from data on a laptop lost at the airport. If you are in the medical field, this could also engage the Office for Civil Rights as a HIPAA violation. If your laptop hard drive has the option to encrypt, use it!
Is this request really from the boss?
A common scam going around requires everyone to be on their toes. Here’s the situation… An e-mail comes in from the boss asking you to e-mail a copy of employee pay stubs, tax information and files with confidential data such as social security numbers in them, or maybe client contact information. In another example, the boss asks for a transfer or ACH payment to a vendor or a different bank account. The problem: even though it has the boss’s e-mail address and name, and appears to come from the big guy…it is still a scam. To compound problems, a lot of bosses DO legitimately send these types of e-mails.
If you get a request relating to personal, confidential information or a request for banking transactions from someone in your organization, you must double-check that it really came from that person. Imagine if this request included using specific payment information from a client’s account. The repercussions could be extraordinary. In lots of cases, a quick text message is an easy confirmation. And even if it’s a legitimate request, never send confidential information like social security numbers (or attachments with this information inside of them) without taking precautions to password-protect and encrypt the message first. If it doesn’t feel right, it’s probably not right.
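The double-check described above can be backed by a look at the message headers. The following Python sketch is an added example, not part of the original article: it flags a message whose replies are diverted to another domain, or whose SPF, DKIM or DMARC result, as recorded by your own mail server, is anything other than a pass. The domain example.com, the server name mx.example.com and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: your own mail domain
TRUSTED_MX = "mx.example.com"    # assumption: the server that receives your mail

# Constructed sample: From shows the boss's real address, but replies are diverted.
SPOOFED = """\
From: "Pat Boss" <pat.boss@example.com>
Reply-To: "Pat Boss" <pat.boss@example.net>
Subject: Pay stubs needed today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.net; dkim=none; dmarc=fail header.from=example.com

Please e-mail me everyone's pay stubs and tax forms this morning.
"""

def domain_of(header_value):
    """Lowercase domain of the address in a From or Reply-To header ('' if absent)."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()

def auth_failures(msg):
    """SPF/DKIM/DMARC results other than 'pass', as recorded by our own mail server."""
    failures = []
    for header in msg.get_all("Authentication-Results", []):
        server, *results = [p.strip() for p in str(header).split(";")]
        if server.lower() != TRUSTED_MX:
            continue  # a header added by anyone else can be forged, so ignore it
        for item in results:
            method, _, rest = item.partition("=")
            verdict = rest.split()[0].lower() if rest.split() else ""
            if method.lower() in ("spf", "dkim", "dmarc") and verdict != "pass":
                failures.append(f"{method.lower()}={verdict}")
    return failures

def red_flags(raw_message):
    """Reasons to distrust a message that claims to come from inside the company."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = []
    if from_dom != COMPANY_DOMAIN:
        flags.append(f"sender domain is {from_dom}, not {COMPANY_DOMAIN}")
    if reply_dom and reply_dom != from_dom:
        flags.append(f"replies go to {reply_dom}, not {from_dom}")
    flags += [f"sender check not passed: {f}" for f in auth_failures(msg)]
    return flags

if __name__ == "__main__":
    for flag in red_flags(SPOOFED):
        print("WARNING:", flag)
```

An empty list is not proof that a request is genuine, since a message sent from a compromised mailbox passes all of these checks, so the quick confirmation by text message still applies.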
As a leading San Diego Business IT Support provider, we are here to keep your client information safe. Contact us today and we can help create a secure database for your business and for your clients’ information.