The following information is provided by the Maple Valley Police Department.
We have seen the adverse effects from cyber criminals with their ability to whittle away a corporation or business firewalls and security systems to gain access to credit cards numbers and personal information.
The credit card numbers which were stolen from Target and Home Depot were stolen from someone hacking into the database which contained the card number files. This is pretty difficult, so the perpetrators definitely knew what they were doing.
For businesses, here are some ideas to protect you from outside intrusion.
• Most businesses use a third party for completing credit card transactions. It is a good practice to call the company representative from time to time, and ask them if they regularly update security protocols and review firewall settings on their network. Even if the person calling doesn’t really know exactly what this means, the answer to both should be yes.
•If the business keeps its own records, make sure the files and folders are encrypted using software. The decryption code should be kept on a separate system, or locked in a safe. Regularly back up and archive the database which holds the records.
• Any time a change of management or IT personnel occurs, change the encryption. It is also a good idea to vary when the encryption code is changed.
Most people can remember where to look for the old code for about 30 to 45 days, if the code is being changed that often, at least the security breach would be limited.
•If the employee is the one swiping the card, have them repeat the name on the back of the card to keep the customer involved and part of the transaction. “Thank you Mr. Smith, here is your card” or something similar. This will also prompt the employee to look at the name on the card, and the ID when required to see if the names match.
• Use a dedicated computer for all your online financial transactions and, ideally, make sure it’s one that isn’t used for other online activity such as social media, email and web surfing which can open up the machine to vulnerabilities. Avoid mobile banking if you can.
• Another easy step you can take to protect your IT systems is to institute a password policy. Make sure you and your employees change them regularly (every 60 to 90 days is good rule). Use different passwords for different online and system accounts.
•Educate your staff. Employees are perhaps your biggest point of vulnerability when it comes to fraud, but they are also your first line of defense. Hold regular training sessions on basic security threats (online and off) and prevention measures – both for new hires and seasoned staff. Enforce the training by instituting policies that guide employees on the proper use and handling of company confidential information, including financial data, personnel and customer information.