When you're launching your business, connecting with customers and refining your product or service are top priorities. But another thing you should consider, which isn’t always top of mind, is your security strategy. It is an integral part of your company's longevity, and to be the most effective, it should be a part of your planning right from the start.
We spoke to Jeff Moss, the founder of Black Hat and Def Con, two of the most well-known hacking and information-security conferences in the world, and advisor to the U.S. Department of Homeland Security Advisory Council, who says that security can't just be an issue for IT to contend with -- it has to be a company-wide concern.
Read on for Moss's tips for how small businesses can minimize fraud and threats to their company and customer data.
1. Don't put all of your eggs in one basket.
It is business folly to rely on just one bank account for all your needs. If you are paying people out of an account that contains all your funds, if someone were to get their hands on that account number, you could very quickly be cleaned out. His advice is to set up a series of accounts -- holding, payment and checking account -- for different aspects of the business. Moss suggests using a holding account to store your operating cash, including the money that you need for payroll. That account number will only be known to you, and that way, “nobody can get it just writing you a check or getting paid by you.”
2. Don’t give access to just anyone.
Moss highly recommends that small-business owners freeze their credit rather than put resources toward a credit-monitoring service. He says that freezing an account can cost up to only $10 to lock, and it can be a valuable tool in keeping out anyone who could come in and steal your funds. Then you pay another $10 to unlock for only a specific entity, like your local bank -- and that entity is the only one that can run a check on your credit
"Nobody else can open up credit in your name, and you just protected yourself, says Moss. “Would you rather protect yourself or would rather pay for credit monitoring? It's like $10 or $15 bucks a month for credit monitoring, as opposed to paying maybe $30, $40 bucks and protecting yourself from it ever happening in the first place.”
Moss also says small-business owners should look into an ACH ( Automated Clearing House) blocking to prevent unauthorized access to their accounts.
3. Be judicious about customer data
Moss believes that when it comes to customer data, "don't collect it, if you can't protect it.” Before collecting sensitive information, Moss suggests small-business owners ask themselves if they really need this data, and for how long should they hold onto it. “Wouldn't it be better to say, 'We were breached but they only got one week of information” as opposed to 'We were breached and they got everything from the last 10 years?'"
Ultimately, Moss says that a lot of exposure can be reduced by thinking very carefully about why you need a particular data set and how it is stored. "I always like removable hard drives and removable USB sticks. I just put them in a safe or safety deposit box. If you have something that's not online, when you need it, you know it hasn't been tampered with."
For growing businesses, he recommends investing in some enterprise-grade hard drives and looking into network attached servers and private cloud options from companies like Synology and ownCloud.