Protecting your business online

There are a number of risks that you’ll face in business – from cybercrime and loss of data. Safeguard your business from anything that may impact your survival and growth.

Watch out for warning signs

First, it’s worth paying attention to anything the seems out of the ordinary such as:

• Large unusual transactions from unknown buyers.
• Payment with many different credit cards.
• Rush orders or any type of unusual urgency from a customer.
• A high volume of transactions in a short period of time.
• A customer orders small amounts and pays on time (building trust), then places a very large order (which they don’t intend to pay for)

If you’re not sure whether a transaction is legitimate, implement a few extra steps to double check.

• Call the customer to confirm their order
• Use security programs such as Verified by Visa
• Reject any order you’re still suspicious of always trust your gut! If it doesn’t feel right, it probably isn’t.

Educate your team

Provide training and regular updates to help your team identify and prevent fraud and spot suspicious transactions. Make sure your team are aware of the consequences of fraud. Customers could be heavily impacted as they won’t have access to funds for an extended period of time and your business could be liable for purchases made on a compromised card.

Take care of your data

Your business data is possibly your most valuable asset. Imagine if all the information on your computers, laptops, software and devices was wiped clean (either by mistake or by a malicious attack). Reduce the chance this will occur by:

• Only hold the customer data you need. The more information you hold, the higher your security risk.
• Regularly back up automatically and store them secure offline. You can then restore your data if it’s lost, leaked or stolen.
• Set up logs to record all the actions people take on your website or server. Set up alerts to notify you if an unusual event occurs. Make sure someone checks the logs when an alert comes in.
• Create an incident response plan to help you get your business back up and running quickly if your business is targeted by cyberattack. Talk to your staff about the plan ahead of time.
• Select a cloud services provider who will provide the right services for your business. Check their data and security policies. Ask if they’ll do backups and if they offer two-factor authentication.

Check your internal systems are well managed

Part of protecting your business online is putting in place procedures that are compulsory for all employees to agree to (often it’s best to put these conditions into employment agreements and flag non-compliance is serious mis-conduct). Consider asking staff to:

• Make sure anyone who logs in to your system has to provide something else on top of their username and password, to verify that they are who they say they are.
• Change default passwords and check for default passwords on any new hardware or software. If you find any default credentials, change the passwords.
• Use creative recovery answers as security answers like your pets name or your school can be easy for an attacker to find out. Choose novel answers that aren’t necessarily real.
• Create unique passwords for each account so if an attacker gets hold of one of your passwords, they can’t get access to all of your other accounts.
• Don’t give out personal information. Legitimate-looking emails are very clever at trying to trick us into giving away personal or financial information. Stop and check if you know who the email is from.
• Be smart with social media. What you and employees post on social media can give cyber criminals information that they can use against you. Set your privacy so only friends and family can see your details.

Protect your Financial information

Possibly you could survive a cyberattack which disrupts your business. It could be annoying, time wasting and embarrassing to fix whatever has been hacked. But if your finances are impacted, it’s a different story.

Reduce the chance of financial loss by:

• If you need to pay a new supplier, or to change bank details, double check it manually by phone or text before you approve any payments. Do this for any unusual or unexpected requests.
• Check bank statements regularly as that could be the first tip-off that someone has accessed your accounts. Ring your bank immediately if you see something suspicious.
• Get a regular credit check to alert you if someone else is using your details to get loans or credit.
• Keep an eye on your networks and install software updates to stop attackers getting access to your business network through known vulnerabilities. Software updates often contain security fixes.
• Enable security software, like antivirus, to prevent malicious software being downloaded to any device that accesses your business data or systems. Free online antivirus software can be fake. Purchase antivirus software from a reputable company and run it regularly.
• Configure network devices like firewalls and web proxies to secure and control connections in and out of your business network. Use a VPN that uses two-factor authentication if you need to remotely access systems on your network.
• Be careful using free Wifi and hot spots – they are untrusted networks so others could see what you are doing.

Like most things in business, prevention is better than a cure; a little planning now could save you a significant financial cost in the future.