12 Steps to Protect Your Online Business From Cyber Crime

These days, cyber attacks are a very real threat to businesses of all sizes. For instance, in 2015 alone, it's estimated that cyber attacks and security breaches compromised a reported 429 million identities across the globe. Today, understanding internet safety and taking the right measures to protect your online business from hackers and malware is more important than ever.

As Credit.com co-founder and data security expert Adam Levin wrote in a Credit.com blog post, “hackers will always go after the weakest link. If they determine that the big guys have toughened up, they’re just going to go after easier targets, like small businesses.”

And, while there’s no single fail-safe when it comes thwarting hard-working hackers or, even, internal fraudsters, there are a number of steps you can take to severely minimize the odds of a breach. Here are 12 steps to take to help protect your startup from cyber crime.



1. Encrypt All Business Hard Drives
Encrypting all of your files, folders and company hard drives can help protect your online business from a data breach. Essentially, encrypting these files scrambles the text and data so that, even if your hard drive was accessed by a malicious hacker, they’d be unlikely to "decode" the information, rendering it useless.

2. Carefully Research eCommerce Platforms
Thoroughly researching eCommerce platform options before choosing one for your business is time well spent. All too often, business owners (especially those just starting out) want to save money by going with the cheapest platform they can find. And while cheaper doesn't always mean worse in terms of security, it's important to look into the specific security measures and features included with a subscription before signing on. If you already have an eCommerce platform and don't know a lot about the security features included, now would be a good time to revisit that and make sure you're properly protected.

3. Update System Software Regularly
Taking the time to regularly update your system software is a great line of defense for your business website and online business. All too often, attacks and cyber data breaches occur when a business owner has put off installing security updates and other recommended software updates. As a result, this can leave your servers or website exposed to dozens or potentially hundreds of new security threats.

4. Consider Paying Your Hosting Company for DDoS Protection
DDoS protection is designed to protect your website from DDoS attacks, which essentially involve flooding your website with "fake" traffic and causing it to be taken down by your hosting company. If you have a dedicated server or web host, check to see if your hosting package includes DDoS protection. If not, it’s something to consider adding to your hosting package right away.

With DDoS protection, your website's traffic can be monitored and filtered to ensure only legitimate visitors are accessing your site, thus reducing your chances of downtime and lost profits.

5. Require Strong Passwords From Employees & Customers
Requiring employees and online customers to use strong passwords will provide added security. You may also want to require passwords to be changed at least once every few months to reduce the chances of a security breach.

6. Use Two-Factor Authentication
Two-factor authentication, also known as 2FA, provides an extra layer of security by requiring customers to enter a password and second credential to get into their account and/or make a purchase. The password is generally constant (though subject to change) and the second credential is dynamic — think a security code being emailed or texted directly to the account holder. As it isn’t just customers who can get hacked, two-factor authentication can be used on employee accounts as well.

7. Don't Store Your Customers' Sensitive Information
If you collect customer information at the time of online payment, keep in mind that it can be risky to store that data. This is especially true when it comes to Social Security numbers, credit card numbers, CVV numbers, account numbers and other identifying information. In the event of a security breach, the last thing you want is for your customers' financial and personal data to be leaked, which can easily lead to widespread identity theft and create a public relations nightmare for your company. This can be avoided altogether by simply not storing this information to begin with, encrypted or not.

8. Limit Access
If you do store information, whether for customers or employees, grant access on a need-only basis. The same goes for any sensitive internal systems or accounts, like your company’s social media pages.

9. Don't Forget About Your Mobile Site
These days, more web users are accessing websites via mobile devices (such as tablets and smartphones) than traditional desktop and laptop computers. As a result, it's become more important than ever to make sure your mobile site is just as secure as the desktop version. If you haven't done so already, you may want to consider hiring a website coding expert to ensure your site is fully optimized and secure for both desktop and mobile use.

10. Take Time to Train Your Employees
If you have employees, a security training program for those who have access to company computers and sensitive information can be helpful. This simple training could help your company avoid a data breach or other security issue down the road. Issues to address include spotting phishing emails and having employees lock company computers when they’re away from their desk, as well as locking mobile devices when they aren’t in use.

11. Consider Outside Security Reviews
As your business grows, you may want to think about hiring a reputable company to audit your systems, procedures and protocols. That way, you’ll ensure you are as secure as you need to be. You can also consider hiring a reputable company to do periodic testing of your network to ensure that no unauthorized user can gain access, Levin wrote.    

12. Hire a Compliance Officer
Levin also suggested adding a designated compliance officer to make sure your business security is up-to-date. While it may be tough to bring on a compliance officer when your business is in its early stages, it’s something to keep in mind as you — and your network — grow.

Jeanine Skowronski is the managing editor at Credit.com. Prior to joining Credit.com, her work was featured by TheStreet, Newsweek, Business Insider, Yahoo Finance, MSN, Fox Business, Forbes, CNBC and various other online publications. Follow her at @JeanineSko.