Cybersecurity Best Practices for Small Businesses in Houston

September 14, 2018

How prepared is your small business to deal with contemporary cybersecurity threats? If this question fills you with fear, it’s time to learn about the best practices and protect your company with a robust cybersecurity plan. Investing your time and resources in cybersecurity now can save you from the significant costs of lost or stolen data, hacked devices, and other problems in the future. If you have an interest in learning more about cybersecurity, check out this list of upcoming conferences that are taking place throughout Texas in the coming year. Keep reading to learn more about what cybersecurity is, what it protects again, and how you can implement the best practices at your company.

What is cybersecurity and what does it protect against?

Cybersecurity encompasses a set of tools or approaches to protecting information online. For small businesses, this means securing the integrity of their website and internal computer network. It's also essential to keep sensitive customer information confidential and protect against external threats such as hackers as well as data theft or information tampering from inside the company. Finally, a good cybersecurity policy will help a small business recover from both accidental IT problems such as power outages as well as adversarial attacks. 

Adopting cybersecurity best practices for your small business isn’t something to “get around to” when you have the time or resources to devote to it. In today’s business climate securing your internal and external IT infrastructure is practically a required part of operating a small business, the next step after filing for an employer tax ID. As larger, household-name companies--whose data breaches have been making headlines with startling regularity--adopt the best security measures available, hackers go after easier targets like small businesses with weak security. Overall, cybersecurity can protect your company from these common threats:

• Lost or stolen data
• Scams and fraud
• Attacks on your internal network
• Hacking of your public website
• Inappropriate email use including lost or stolen messages
• Threats to company mobile devices
• Employee wrongdoing
• Facility breaches
• Theft of proprietary information
• Electronic payments and storage of customer data

How to Identify Potential Scams

It has been said that knowledge is power and this is certainly true when it comes to Internet scams. As scammers become more sophisticated, it’s harder to differentiate between authentic messages and scams. The more you know about what potential scams look like, the better you’ll be able to identify and avoid them. 

Start Local

The first step in building awareness about potential scams is to follow the trends in your area. According to Click 2 Houston, the most common scams in Houston that could affect small businesses are:

• Phishing: Scammers may use email, social media messages, or other forms of digital contact to try to collect your personal information such as an address or credit card number. Small businesses may receive messages from scammers posing as potential clients, the company’s bank, or other vendors. Remember that Central Banks and other companies will never ask for sensitive data over email. Report any suspicious messages to your IT department and/or the real institution the message is supposedly from. Verify that it is authentic before you respond.
• Tax Collection Scams: These are usually seasonal, beginning in January and ending with the April deadline for tax filing. Your businesses may receive a call from a scammer posing as an IRS agent and threatening severe consequences such as jail time if you don’t pay a certain past due amount right away. Read these guidelines on how to verify an authentic call from the IRS (Spoiler: They never call to demand immediate payment). Similarly, you may receive a phony debt collection call about a sum your business supposedly owes and must pay right away. 
• Phony Tech Support: You or your employees may receive a call or see a pop-up ad that is purportedly from the antivirus software you use. The ad or caller will ask for “tech support” access to your computer in order to fix a problem. Instead, you end up with malware and stolen data. 

In addition to news reports about trending scams, you can always turn to institutions you trust for advice on identifying and preventing scams. Central Bank’s Online Security Tips provides useful information on all aspects of online security and can be easily shared with your employees. We also have information about Business email compromise (BEC), in which one or two employees are targeted for sharing sensitive information or business funds with scammers. You can print our BEC diagram to post as a reminder on employee bulletin boards.

Advice from the Attorney General of Texas

Beyond local news, statewide resources are a great place to find relevant information on current scams. Ken Paxton, attorney general of Texas, shares these 5 scam tip-offs:

• You're not the one who initiated the call. Unlike when you call a company or customer service number, you can never be sure the person on the other end of the line is truly who they say they are.
• It sounds too good to be true. Easy money? Zero interest loans? Whatever bait they’re offering, if it sounds too good to be true it probably is. Honest business lenders won’t promise you an instant loan or ask you to make a down payment over the phone.
• They ask for sensitive information. As mentioned above, no reputable bank or business will ask for your complete social security number or other personal data over the phone.
• They ask for immediate payment by prepaid debit card, wire transfer, or airborne money. Whether the scammer says you have unpaid taxes or debt, or asks you to send money in order to get something in return, never agree to one of these instant payments. A reputable firm will have a website, mailing address, or other traditional forms of payment.

To report a consumer fraud complaint in Texas, click here.

The Small Business Best Practices for Mobile & Online Security

Now that you have a better understanding of what cybersecurity is, as well as the threats and scams it can protect you from, you might be feeling empowered but also a little overwhelmed. Where should you start and what do you need to do to ensure your business is equipped with the cybersecurity best practices for mobile and online security? Here are 10 relatively simple ways to build your cybersecurity strategy. We also recommend the FCC’s free tool for creating a customized cybersecurity plan.

1. Use a firewall consisting of several different programs to shield the data on your private network from hackers and other outside threats. Your operating system may already come with a firewall or you can download one. Consult with your IT department or a local security specialist before choosing an external firewall.
2. Install anti-malware software on all company computers, including employee laptops. This way you’re protected in case your employees open a phishing message.
3. Take advantage of multi-factor identification. Your employees are probably already familiar with this security measure from some of their personal accounts. Requiring a password and a pin sent to a mobile device provides an extra layer of defense between hackers and your company email system and network.
4. Back up company data on a routine basis. Store the backed-up data in a separate location so you can access it in case a physical disaster (fire, flood, hurricane) strikes your office.
5. Utilize security measures for mobile devices. All company mobile devices should be password protected, encrypted, and protected with security apps to prevent hacks on public networks.
6. Create internal security standards and practices that every employee, from the most entry-level to the highest senior official, is familiar with and can access as needed. Run training for current employees and include it in all new employee onboarding.
7. Establish a password policy. Employees may protest about having to change their password every 3 months or other rules designed to make passwords stronger, but your business will be safer for it. Hackers can sometimes obtain passwords without phishing, simply by guessing.
8. Keep the operating system, Internet browser, and security software up-to-date on all company computers. Running out-of-date software makes you more vulnerable to viruses and malware.
9. Set up your wi-fi router to be hidden, encrypted, and password-protected.
10. If you process payments online, use a merchant card services vendor to guarantee the security of transactions and customer payment data.

From cybersecurity to other business needs, Central Bank is here to help!

We are a Houston-based community bank with more than 60 years of experience helping businesses succeed on their own terms. If you need help with cybersecurity, merchant services, or other business banking products, Central Bank offers local expertise and customized solutions to your everyday needs. Contact us today to get help or visit one of our four locations in Houston.