Don't let the cyber-Grinch steal your holiday season

Are you taking shortcuts to meet this year's year-end crunch? Beware: these shortcuts may just be the conduits for hackers and cyber warriors to tap into your system. Here are some tips on how you can beef up your security.

Written by Martin Goslar, Contributor

Many businesses experience their peak sales volume during the holiday season. In many cases, these year-end sales determine whether a company has a profitable year. Unfortunately, many small companies, surprised by overwhelming customer demands, often use shortcuts to take care of the high volume.

Hackers and information warriors can take advantage of these shortcuts to pan the information gold mines created by the rush of holiday business activity. The National Infrastructure Protection Center reported on December 1 that it had detected an increase in hacker activity targeting proprietary information theft from U.S. electronic commerce sites.

No e-business can get around the fact that an online presence includes vulnerabilities as well as benefits. During this critical time when so much is at stake for both your firm and your customers, you must ensure that communications are secure, that confidential financial and order-related data is safely stored, and that orders, confirmations, and shipping instructions go to the correct parties.

When staff is stretched to the limit, when e-mail, voice mail, and online transactions grow to unbelievable levels, don't be tempted to leave caution by the wayside to get the job done. Review your security policies now in order to ensure they are complete and up-to-date. Make sure the following simple security techniques are part of your holiday security review. They will significantly lower your firm's vulnerability, and will improve your holiday forecast.

Enhance your online security.
Download and install security software updates and patches, and update your anti-virus signature files often. Request vendor e-mail alerts for new patches and vulnerabilities. Make sure employees check e-mail attachments for hostile code and viruses before opening them.

Check for password compliance.
Verify with your IT security administrator that all passwords are in compliance with security policies. If you don't have a security administrator or a policy, it's time to get to work. Passwords should not be easy to guess, should be changed periodically, and should not be posted in obvious places on users' PCs or desks.

Ensure your firm's internal security.
Conduct background checks on seasonal or new employees. Hire seasonal security officers; their presence brings attention to safety measures and reminds employees how important vigilance really is. Conduct periodic facility security checks to ensure that employees are complying with policies. Make sure that workstations are logged off when employees are away from their desks.

Review your firm's Internet traffic for signs of employee abuse.
Excessive personal Web surfing and e-mail can snatch staff time, slow down the system, and open new online vulnerabilities.

Your business relies on your employees

Cyber and physical security are related, particularly in small business. Internal vulnerabilities can be caused by inadequate facilities, or untrained or uninformed employees. If you fear that this is the case in your company, schedule a seasonal employee security meeting. This is an excellent time to review potential threats and ensure that all staff are aware of and understand the company security policies.

During such a meeting, review telephone procedures. Small firms are particularly vulnerable to hackers phoning in trying to reach a hassled employee. These skilled hackers can elicit passwords, customer data, and other information that is virtually impossible to obtain otherwise. If there is any doubt about a phone call, employees should take the caller's phone number, verify the source, and call the person back.

Counsel employees to shred all business documents (using cross, not strip, shredders) prior to discarding them. If possible, lock outside dumpsters. Also make sure that used diskettes and other storage media are erased using special software and locked in secure storage areas. Security policies are roadmaps to business survival, and ignoring them is an invitation to the cyber-Grinch. The good news is that protecting your firm is possible and affordable. You and your employees are the key to making the protection work.

Best wishes for a secure and successful holiday season.

Dr. Goslar is principal analyst and founder of E-PHD, LLC, a security industry research and analysis firm. He is also on the editorial board of the International Journal of Electronic Commerce and can be reached at Comments@E-PHD.COM
