Merchants are susceptible to fraud and theft at the best of times, and the COVID-19 pandemic seems to have brought the worst out in a lot of people. Hackers and thieves are taking advantage of the confusion and are doing anything they can to crack our security and worm their way into our computer systems and our identities.
That means you’re not only susceptible as a merchant, you’re just as susceptible as a regular consumer. There are possible breaches into your computer and your identity in the places you shop, through the websites you visit, and even during your online meetings and gatherings.
Here are five things you can do to help protect your personal life, your business, and your customers from hackers and thieves.
1. Make sure your malware protection is up to date
Data breaches, identity theft, ransomware, and data loss all happens because companies and individuals don’t have proper defenses installed on their servers and individual workstations. Companies are being hit with ransomware attacks where crooks lock up a company’s computer and then demand a ransom payment in exchange for releasing their data. Similarly, hackers will break into a company’s servers and steal their proprietary and financial information, selling it to other hackers or using it for their own gain.
To protect yourself, never download items from sources you don’t recognize. Never click unusual URLs or attachments in your email. And back up your important data on a daily basis. That way, even if you get hit with a ransomware attack, you could always wipe out your computer and reload a recent version with minimal loss.
2. Secure your online meetings.
When we started moving to online meetings, we started hearing about the increased incidence of “Zoom bombing,” where an unwanted guest would show up to an unsecured meeting and post pornographic images or videos. As a result, Zoom updated their new meeting security parameters, such as waiting rooms, meeting passcodes, and even passwords to enter a meeting.
If you host online meetings, make sure that you follow the steps the platform providers layout to create safe meetings They may seem like a minor inconvenience that you could do away with, but if you’ve ever been Zoom bombed, you know that can be an even bigger headache, especially when it could have been prevented in the first place.
3. Avoid phishing and scam emails
Most phishing emails are pretty easy to detect: Someone you weren’t expecting to hear from emails you with some offer. But occasionally they can get pretty sophisticated. Someone you do know sends you a link and says “Here’s that article I promised you.” Or it’s a link that said, “I thought you might like to see this.” It could even be an email from your bank telling you to check your balance or change your email password because of a data breach.
They look innocent enough, even if it’s a bit unusual, so you click the link and inadvertently download some malware or get taken to a website that tries to steal your information. Or you log into your “bank” portal and provide them with your username and password.
If you’re not actually sure about those emails, hover your mouse over the link and see what the destination is. If it’s anything other than the business it claims to be from (e.g. Chase.com, PNC.com), it’s most likely a scam. Click the “Report As Spam” button and delete it. If it’s a message from a friend, email them directly (don’t reply) and ask if they sent it.
4. Make sure you have disaster resiliency and recovery protocols in place
Companies often have disaster recovery plans in place, helping decide what to do after a natural or manmade disaster. A disaster resiliency plan lets you operate during a crisis, much like we have been operating during the pandemic, or when the New Orleans Time-Picayune continued to operate immediately after Hurricane Katrina, never missing a day of publication.
Creating a resiliency/recovery plan means planning ahead for the worst-case scenario. For most companies, you only have to recreate what you have been doing for the last seven months. Even so, your recovery plan should include knowing what to do if things get worse for you and your company. What will you do if your suppliers are gone? What if your servers are attacked? What if your data is stolen?
It’s not enough to just be able to work during the pandemic, you have to be able to plan for the worst and know how to recover from such a problem.
5. Be sure to carry cyber security insurance
Every small business should carry cybersecurity insurance, especially if you keep your data stored in the cloud or if you process credit cards and other forms of payments. Cybersecurity insurance will not only cover any loss of business in case of a data breach, but will also cover the costs of fulfilling legal obligations of a breach, such as notifying all your customers, providing one year of free credit card monitoring, and even any legal action that might follow.
If you don’t have cybersecurity insurance already, talk to your business insurance provider about getting cybersecurity insurance as part of your regular business insurance.
Photo credit: Aitoff (Pixabay, Creative Commons 0)