New FTC Website for Small Business Data Security
Federal Trade Commission Acting Chairman Maureen Ohlhausen Announces New Website
The Federal Trade Commission (FTC) launched a new website this week to help small businesses keep their data and their customers’ data safe. It’s located at FTC.gov/SmallBusiness. The announcement includes a summary and links to small business computer security basics, tips, videos, and advice.
My Perspective on the FTC Computer Security Basics
Basic cybersecurity proficiency is quickly becoming a basic job skill. As business becomes more digital each and every day all employees need to know how to stay safe online to protect themselves, the company they work for, and the customers that trust a company with their confidential data. The core list of basics are something we talk about regularly with our customers at Jungle Disk.
1. Protect Your Files and Devices
We see many businesses confused about online storage vs. a separate safe backup copy of data. Services such as Google Drive, OneDrive or Dropbox can replace your company file server. They don’t replace the backup you had of that server. While many online storage systems support versioning and roll-back, a separate vaulted backup copy can be the difference between inconvenience and tragedy.
Strong passwords on all accounts, two-factor authentication for critical systems, and turning on automatic updates are free or easy steps we should all be taking. Google Authenticator is a second factor available for iPhones, Android and the Chrome Browser on your Windows or Mac laptops.
2. Think Before You Share Your Information
Hackers are becoming much better at tricking all of us. A past episode of Cyber Talk Radio covered Human Hacking and Social Engineering. You can listen to it on iTunes, Pocketcasts or YouTube. Spear phishing attacks are making victims out of all sorts of folks who believed they knew what to look for in spoofed messages.
While the little bit of information you share may seem harmless, attackers will piece together the puzzle one bit at a time until they can commit the crime they’re working towards. A recent phone scam called possibly millions of people trying to get them to just say the words ‘yes’ or ‘authorized’ and to get you to talk enough they can use a computer to play back your voice to your bank or other institutions to gain access to your accounts.
3. (and #4 together) Protect Your Wireless Network & Be Careful With Wi-Fi Hotspots
Wi-Fi has helped us all with access from multiple devices and mobility around our offices (or on the go). Harvard Business Review (HBR) recently published a piece about the danger of using public Wi-Fi. To test your Wi-Fi, we offer a free 2 minute network security test. If you’re sharing your Wi-Fi password with customers, it really should be a separate network from your business employee network where you keep confidential data. Even if you can trust your customers, you don’t know if their computer is compromised when they visit. You could be inviting a hacker onto your network along with your trusted customer.
5. Know What To Do If Something Goes Wrong
If you don’t have an incident response plan when things go wrong, you’ll be shooting from the hip (as we say in Texas), which isn’t accurate and not how you want to handle a very stressful situation. Robert Autenrieth covers Incident Management and Response on an episode of Cyber Talk Radio.
Become the Hard Target that Hackers Bypass
The FTC and others are doing great work to help provide tips, videos and even full policy documents to protect your business, customers’ data and all of us from criminal hackers. Getting a basics education doesn’t take hundreds of hours. In a half a day on the FTC website and going through links and resources like those shared above, you can become the hard target that hackers will bypass settling for others who are still an easy mark.