It’s 2 am and the police are calling. You just had a break-in at the office. You hurry to get to the office. The safe in the sales office was found open – and empty – and a couple of your computers are missing. You work with the police to start the detective work to figure out how this happened. Was the safe left open by accident or did someone intentionally break in? Who was the last to leave the office? Who has keys to the building? Was the building locked when the last person left? As you sort through these questions, how many are simple to answer and how many require help from one of your managers?
What would you have done if the call came from a disgruntled customer who had his credit run without his authorization? Would your employees accidentally send a company wire to a bogus account posing as a dealership? Break-ins don’t always come in the front door. Today the threat is through our computers and mobile devices. Cyber security is more important than ever. Many small and mid-size companies are at risk for a cyber-related attack.
Many individuals and companies believe that a hacker wouldn’t want the information on their computers. Where are you storing your customers’ Social Security numbers and dates of birth? If you aren’t storing your customers’ sensitive information on your computer, what’s the risk? Security expert Brian Krebs says that most people are misinformed or not educated on the subject and depicts the vulnerability of your hacked PC.
You may be more at risk than you thought. Several queries and transactions are completed on your computers every day. These include company bank statements, transactions, software logins to run your customers’ credit bureau, as well as the hundreds of emails between you and your customers and/or vendors. If someone were tracking your keystrokes throughout the day, what would they gain access to? Is your company vulnerable to a cyber attack?
What are you doing right now to protect your company’s and customers’ information held on your business computers? We have identified 7 ways to protect your company and prevent a cyber attack.
1. Train your employees
Your employees are one of your biggest assets in your defense against a cyber attack – but can also become your biggest risk if they are not trained. According to Dobson Technologies, “Most breaches occur because an employee clicked on a link or provided information that allowed a cybercriminal access to the network.”
Employees should be trained to review the senders of emails for authenticity. An annual or biannual training can bring awareness to new cyber threats, which are constantly changing. Many fraudulent emails rely on a simple click to unknowingly download a virus.
“Employees who work in the accounting and F&I departments are most at risk for being targeted by sophisticated email scams.” Your employees may receive an alert to an issue with the bank account or wire transfer request. Cyber threats come in many forms. If you are not vigilant about awareness and training, you could fall victim to a scam costing your business thousands of dollars.
2. Limit employee access and delete inactive users
Create individual logins for your employees. Using individual logins gives you complete control over access: you can grant permissions as needed and remove access when employees leave the company. Many CRM and software programs allow you to review a log of your employee activity. You lose this functionality when employees are sharing logins.
Don’t share logins. Do you only have one login for your _____ account? Ask the vendor to set up more user accounts. You are protecting your company by doing the extra legwork to set up additional users.
When setting up a user account, review the employee’s job duties and avoid granting unnecessary access. Be conservative in your access. “Unauthorized people should not have access to company computers and accounts.” Should the user be able to view reports or complete transactions? Spending more time in the setup of new users will pay dividends for the future.
Delete inactive users. Keep a log of what software and websites each employee has access to. When the employee leaves the company, promptly remove access. If they were a primary contact, this allows you to appoint the correct replacement and not flounder when an issue arises.
3. Choose robust passwords and change them often
Although we all hate complicated passwords we can’t remember, they are less common and do more to protect our accounts, which is the very reason passwords exist.
The Next Web recommends “requiring the use of capital letters, numbers and symbols (or combinations thereof)” to increase the strength of your passwords. “Strong passwords that are difficult for hackers to brute-force their way through are even more effective than regularly changing weak passwords.”
Change passwords frequently. For the most protection, force your employees to update passwords at least every 90 days.
4. Use a two-step verification process
Further increase your password security by requiring a second way to identify authorized users. A two-step verification process requires the user to obtain an access code sent to their email or cell phone, for example. The user then enters this one-time code at the time of login to verify their identity. The Next Web states, “Having a two-step verification process adds another layer of protection for data, which is essential when there are so many devices now being connected together with the same username and password.” Dobson Technologies also recommends two-step authorization: “Access control to your computer network is paramount to security, which starts with confirming a user’s identity with two different components for access.”
5. Back up your CRM and information held on computer hardware
Regular backups of your computers and software should be completed daily or weekly. Most backups can be automated and scheduled from offsite, alleviating a manual task from your IT staff. “If you back up your files regularly, you are nearly impervious to ransomware, and don’t need to worry about corrupted or deleted files, in case of a cyber-attack.” According to Forbes.com, “All important information should have a copy.”
6. Continually update your security software and firewalls
Hire an expert to manage your technology and website security. If your website security is being managed by an employee, ensure they are being constantly educated in changes to technology and new threats. Cyber security is very complex and without the right people looking out for you, you are setting yourself up for risk of an attack.
Dobson Technologies recommends a multi-layer antivirus and malware protection plan. “Antivirus software scans all the files you open, providing real time protection.” Wards Auto cautions you to “Keep software patches updated. More than 90% of dealerships do not have a system in place to keep their patches updated on a regular basis. This is like leaving your back door open at night to cyber-thieves.”
The Next Web recommends “every business should add a Web Application Firewall (WAF) for their websites… services like CloudFlare and Sucuri which help protect you against DDoS attacks, XSS vulnerabilities, and other vector attacks.” CloudFlare explains DDoS attacks as “utilizing multiple compromised computer systems as sources of attack traffic… a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.” A DDoS attack will halt your company website and prevent your customers from reaching your website altogether.
7. Have insurance in place
According to Wards Auto, “the majority of dealerships do not (have cyber-liability insurance). If customer records are accessed, costs can run to $1 million or more per incident.” More and more of your customers’ research and spending is starting online. It makes sense that you protect their information while visiting your website.
What does this mean for your Scan123 account?
Answer the questions below regarding your Scan123 account and let us know if you need to make any changes to your users or setup:
- Do your employees have individual logins?
- Are there any users who should be Inactive?
- Are your employees using complex passwords and changing them frequently?
We value your security and have the following protocols in place to secure your business documents within your Scan123 account:
- Two-Step Verification Process required for all Scan123 admin users.
- Continuous data backups of your documents to our local servers and multiple cloud servers across the United States.
- Constantly updating our hardware and internet security to prevent any cyber attacks.
- Documents in Scan123 are secured by 256-bit military grade and SSL encryption. Any file transfers to and downloads from the Scan123 website and client are protected by encryption.
IP Restrictions available. Would you like to limit where your users can access Scan123 documents from? We can limit the IP addresses from which your users can upload, view and download documents. Contact Support to request IP Restrictions.
The best defense for your cyber security starts with educating yourself and your employees. Are you interested in learning more about how using Scan123 can securely store your business documents? Request a demo.