You are probably making them – some, if not all the mistakes on this list. When you own a small business, it is easy to become a victim of common computer threats. After all – you are in business doing something other than keeping a vigil over your computer. You are a real expert in what you are in business for – and that is probably not the computers. That is why you have to find a balance between having a reasonable budget and trusting others to take care of your computers and trusting your employees to use them with care.
So we want to help you by identifying some common mistakes that business owners make when it comes to computer security, and include some practical advice on how to deal with consequences if you have made them.
Mistake #1. Trusting your “Computer Guy” has your best interest at heart.
Specifically, when some of them are using a “cracked”, or illegal software. In our practice, we have come across some small business owners who have been, at best, misguided by a desire to save on software by trusting an over-eager “computer guy” who could help them “save money” by using cracked versions of the software. (Cracked does not mean broken – it means the license key was “cracked open”, like a safe vault.) “Cracked” means illegal, pirated. Some owners do not even know that they have cracked software it on their systems. Did you ever see spam email offering your Microsoft Word and Excel for $10? Did a friend installed a copy of “their” version of software on your systems? The truth is – if they are confident that there is nothing wrong with doing so, it does not mean so.
This is one of the main contributors to computers being infected with malware or software. When using software from cracksites (also known as warezsites) and other questionable sites is always a risk. Even a single click on the innocent-looking link on such site can expose your system to multiple forms of very serious malware, and effectively run executable files (programs) from these potentially malicious sources. You are giving these sources access to information on your hard disk, to your personal and business-sensitive data, and handing them a potential control over the operation of your computer.
Practical Advice: Uninstall any such applications if you have them, and always use a legitimate, licensed version of any software from now on. (Read 7 Ways to Stay Out of Software Pirate Waters). If your budget is extremely limited, consider open-source solutions. Apache OpenOffice is a great example of an open-source solution for business on a budget: an open-source office software suite for word processing, spreadsheets, presentations, graphics, databases and more. It works on all common computers. It stores all your data in an international open standard format so data files can be compatible with other common office software packages. It can be downloaded and used completely free of charge for any purpose. Note sure your current IT person can handle it right? Please read this before hiring a new IT guy.
Mistake #2. Trusting your anti-virus program does what it should be doing.
Many forms of very serious malware may disable your onboard protection, and System Restore functionality. How can this happen? OK, let me come clean – it is not really your anti-virus’s fault. It is yours. Think about it – did you ever ignore the dialog box or a warning message that your anti-virus definitions are out of date? Or perhaps you did not pay attention that your operating system (OS) is not up-to-date? Did you know that BOTH – your operating system and your anti-virus program must be up-to-date in order to give you the best possible protection? New viruses and new malware come out every day, and if you are even one day behind on the updates, you may be more vulnerable than you think.
Practical Advice: Always stay on top of updates when it comes to anything software and OS. If you are too busy, or not sure that your current IT guy does a good job, consider bringing a Managed Services Provider (MSP) on board – with a monthly service plan that includes monitoring of your computer network. This way, your new IT support company will know of these issues before you do and can take preventative and restorative actions as fast as the need for them arises. If you are looking for a computer tech and IT support in New Jersey with a monthly service plan, give us a call at 201-493-1414 – we will secure your systems and monitor your environment: your computer network will thank you!
Mistake #3. Trusting Your Employees.
Having trust in your team is great. Statistics, however, make you question your trust. According to a recent Salary.com survey, 64% of employees visit non-work related websites at work – on a daily basis. Of them, 39% spend one hour or less per week, 29 percent spend 2 hours per week, 21 percent waste five hours per week, and only 3 percent said they waste 10 hours or more doing unrelated activities. Unrestricted access to the internet increase the risk of your employees visiting questionable sites that can potentially harm your computer – and that threat doubles if your anti-virus or operating systems are out-of-date, as discussed in section 2, above. Another factor is employees using portable data sources that can compromise your business systems – example: a USB drive that was previously infected by a malware on the employee’s home computer will bring the infection to your office if an employee uses that USB at their system at work. And let’s not even mention the theft of your business intellectual property – we’ll cover it some other time.
Practical Advice: The quick-and-dirty, most effective way to deal with it is to have an internet use policy – restricting internet use and portable data carriers use. If you still believe that trust in your fellow workers should prevail, consider this: respondents to the Survey.com survey said the main reason for slacking at work was that they don’t feel challenged enough in their job. Other reasons include feeling overworked, not having a sufficient incentive to work harder, feeling unsatisfied with their career, and just being bored. Perhaps something can be done to the business operations so to keep your employees more motivated and interested in work, and not other activities.
Mistake #4. Trusting Official-Looking Email.
I have to admit it – some spam emails look very legitimate, and it is easy to be fooled into opening an email and clicking on the link. What business owner does not have credit card invoices, purchase orders, FedEx or UPS delivery notifications that they do not anticipate to see on the daily basis? It is easy to make an honest mistake and click on a legitimate-looking link from a brand-name resources, such as Amex or Federal Express. Most malware carriers are playing hard-to-spot, disguising themselves as one of the “big names”, to increase the chance of you opening that email. Most of the people who fall for this scam end up being not able to get rid of the computer virus, or end up with a ransomware – a malicious program that encrypts or destroys the data if the victim does not pay ransom in the digital currency.
Practical Advice: When in doubt – call or go to the source directly. If there is an email alerting you of your account is out of date, or your delivery not being scheduled correctly – do not click on the links in the email. Go directly to the website – yes, meaning typing in the addresses such as www.americanexpress.com or www.fedex.com – into the browser by yourself – or better yet, when suspecting a malicious intent, call the company in question, and discuss your needs with customer service representative. Another trick you can do is look into the source code (HTML) of the email, if you can, or pay attention to the status bar when hovering over the suspicious link with your mouse – the true link will show itself, and when the link is called www.fedex.com/invoice-status/ but the “hidden” link shows up looking something like fedex.hackyou.pl/program/steal/2348haha3times – that you should definitely NOT click on that link, but rather permanently delete that email from your computer. And yes – make sure you have your anti-spam enabled, set on high, set on “delete spam”. If you are worried that you may not be getting an email from someone important, contact those people and companies, and ask them not to assume their email arrived at your destination but to contact you in person if their email is unanswered. Most people understand the perils of spam and work with you on this one.
Mistake #5. Trusting Yourself.
The biggest mistake people make is assuming all is well. Many times people figure if they are not going to “those sites” and not doing “anything wrong”, then they have nothing to worry about, there will be no security breaches or malicious programs installed on their computers. Many small business owners assume that being small keeps them safe, thinking “Who wants to spend time and energy breaking into my computer with my 300 accounts? I am small potatoes next to those big banks that hackers are probably targeting, instead of someone like me”. In fact, it is not about the size of a company, and not just about hacking. Many malicious programs are designed to redistribute from one system to another. They go out like a wildfire through everything they touch, many get into your computer via email, then get re-distributed through contact lists, to other people, through their contact list, creating a domino effect. There is no way of saying who will end up being a victim.
Practical Advice: Be vigilant, and whether you think you are not worthy of hacker’s attention, or you think you are too cool for school – don’t make assumptions that can compromise your business computers, and – in turn – your business. Keep up with updates necessary to protect your business. In our busy everyday lives, it is easy to under-estimate our schedule and rely on our memory to take care of it in a minute, tomorrow when you are back from the conference… Remember that every minute your computer has an inadequate layer of protection, it is vulnerable to malicious software. Make it a habit to check if your anti-virus and operating system are up-to-date; consult your trusted IT advisor about Managed Services options and Data Backup – if you don’t have any, get them it now!
If you are in New Jersey/New York area, you can call us at 201-493-1414 to speak about our IT services, or request more information about our Managed Services and Tech Support.
Does Your Business Computer Network Need a Health Checkup?
As always, if you have any questions or suggestions for another topic, please feel free to contact me directly at our office, or by emailing me to firstname.lastname@example.org