5 Ways Small Businesses Can Protect Themselves From Cyberattack


Small business owners, consider this: Online security is back in the spotlight with the high-profile hacking of the IRS and the U.S. Army websites.

And if hackers can do it to those guys, it stands to reason they can do it to you.

In light of the threats, small businesses should give cybersecurity some serious thought, says Stephen Ufford, chief executive of Trulioo.

Trulioo, a company that helps businesses verify traffic to their websites, says the average merchant was hit by 133 successful fraudulent transactions a month in 2014, up 46% from the previous year.

Although fake transactions aren’t the same as, say, gaining access to 100,000 taxpayer accounts, cyberattacks on small businesses come in various forms and from different angles.

“Fraudsters will try many different ways to steal from your business,” Ufford says.

He offers these five online security tips for small businesses:

1. Educate your employees

Online security shouldn’t just be the concern of one or two people in your small business, Ufford says. Every employee should be aware of the risks and how to deal with them.


“The first line of defense in protecting your small business from hackers is to arm your staff with knowledge,” he tells NerdWallet. “Make sure that your employees are aware of the common methods used to cheat companies and teach them how to handle them.”

After all, hackers could use a host of tricks to break into your site, and it pays to make sure your employees are aware of them.

For example, it’s smart to check if that email purportedly sent by the CEO of a company placing an order actually “matches the domain name of the company placing the order,” a Trulioo infographic says.

And tell your employees not to fall for the agitated “I-want-it-yesterday” phone call or email, as “fraudsters will often aggressively insist on expedited shipping on their orders,” Trulioo says.

2. Draft a security plan

“Make sure that your business has a cybersecurity plan in place to both prevent breaches and to deal with them should they arise,” Ufford says.

And such a plan, he says, should highlight “best practices for employees using email, social media and safe Web browsing.”

The Federal Communications Commission put out guidelines for online security for companies, including setting clear rules on Web surfing.

“Your guidelines should allow employees the maximum degree of freedom they require to be productive,” the FCC says. “At the same time, rules of behavior are necessary to ensure that all employees are aware of boundaries, both to keep them safe and to keep your company successful.”

3. Weed out the good guys from the bad guys

One of the biggest problems in online security is figuring out which visitor to your site is a threat. You wouldn’t want to block or drive away legitimate customers or partners. And that happens.

A recent study says nearly one-fifth, or 19%, of rejected orders from major U.S. ecommerce companies “were actually legitimate,” Trulioo says.

Technologies including watchlists and online identity verification systems, or IDV, can help weed out only the bad guys. Ufford says Trulioo’s services “can verify people from over 40 countries using more than 140 reliable and trusted data sources.” Other companies, including Experian and Verisign, offer similar products and services.

4. Set up a multi-layered defense system

Remember that you will likely face different types of threats — credit card and debit card fraud, identity theft, online advertising fraud or delivery access fraud, according to Trulioo.

“It stands to reason that the best way to detect them and prevent them from succeeding is by using multiple tools,” Ufford says.

These include other systems designed to authenticate customers and a document verification service, he says.

5. Learn from the past

Technology changes and evolves constantly. And that includes the tools and tricks hostile hackers use to break into websites.

That lesson was underscored by the recent attacks on the IRS and U.S. Army sites.

“It’s important to learn from the lessons of past mistakes, not only yours but those of others,” Ufford says. “Look for potential security loopholes and make sure that they are closed quickly.”


Benjamin Pimentel is a staff writer at NerdWallet, a personal finance website. Email: bpimentel@nerdwallet.com. Twitter: @benpimentel

