An employee gets a phone call, pop-up, or email warning about a problem with the office computer. In an effort to be helpful – or perhaps concerned they clicked on something that caused the glitch – the employee follows instructions to send money, turn over personal information, or provide access to your system. As a small business owner, you know it’s a tech support scam, but are you sure every member of your team has the savvy to spot it?
Blog Posts Tagged with Data Security
It’s Day 2 of the data security discussion, presented as part of the FTC Hearings on Competition and Consumer Protection in the 21st Century – and you can watch the webcast live.
When cyber crooks send messages trying to trick people into disclosing passwords or account information, they often mimic a recognizable email address to make it look like it’s coming from a trusted source – for example, from your company. It’s a practice called spoofing and it packs a double wallop. Not only does it put consumers at risk for identity theft, but spoofing can unfairly damage the reputation for trust you’ve worked hard to earn.
Phishing scammers have gotten more sophisticated. They still send out mass emails asking consumers for credit card numbers or bank account information. But they’re also targeting small businesses by imitating the look of messages your employees routinely receive.
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
An employee catches up on some work while visiting the local coffee shop. She grabs her Double Mocha to go, but accidentally leaves behind a flash drive with hundreds of Social Security numbers on it. When she returns, the flash drive is gone. Then there’s the staff member who needs to free up file room space. After he tosses a stack of old company bank records into the garbage, a dumpster diver spots the trash and walks away with a windfall.
The FTC hosted roundtables across the country asking small business owners how we can help you address the challenges of cybersecurity. Based on your feedback, we designed to-the-point tips now available at ftc.gov/cybersecurity. Last week we kicked off a 12-part every-Friday Business Blog series with cybersecurity basics.
As a small business owner, you know that cyber criminals will steal data any place they can find it, whether it’s from a global giant or a Main Street store. So where can you find just-the-facts security advice tailored to your needs? At ftc.gov/cybersecurity. The FTC has boiled it down to a dozen need-to-know topics for small businesses and we’ll address one each week in the Business Blog.
Do you work for a non-profit? Or maybe you’re on the board of a charity or active in a professional or service organization in your community. If so, you know the group collects all sorts of private information, including details about members or people you serve and financial information related to donors. Your own personal information, too, is probably in the group’s records of employees and volunteers. Cyber criminals would love to get their hands on that data.
Take out your scheduler now and block out Thursday, June 27, 2019. That’s the date of the FTC’s fourth annual PrivacyCon and you’ll want to be in on the action.
Small businesses are concerned about ransomware, email imposters, and other common cyber threats. So FTC staff hosted roundtables to ask business owners what we can do to help. You came from different parts of the country and different economic sectors, but your answers were consistent and you didn’t mince words: 1) You want straightforward advice that’s easy to implement; and 2) You want consistent guidance from the different federal agencies that deal with cyber threats and data security.
When an emergency strikes, your business’s most vulnerable asset may not be in the stockroom or warehouse. It could be the data that has been central to your success. September is National Preparedness Month. The FTC has six steps you can take to help protect your company’s information from the unpredictable.
Thinking about replacing a company car or truck? Unless you take some security steps before selling the vehicle, you could be leaving behind a water bottle or two, some change under the seat – and a massive amount of corporate and personal data.
Food experts don’t recommend it for your ground chuck or pork shoulder, but starting September 21, 2018, there’s something consumers can safely freeze, unfreeze, and then freeze again.
It’s their credit file.
Keep a watchful eye on your service providers. For conscientious companies, that’s Privacy & Data Security 101. It’s also a key compliance tip from the FTC’s proposed settlement with mobile device manufacturer BLU.
Last year, we heard from small business owners about their cybersecurity challenges at a series of roundtable discussions the FTC hosted with some of its partners. What we learned is that small business owners need and want information on how to keep their computer systems and business data safe. So we’re planning to provide that to them. Later this year, the FTC will launch a small business education campaign on cybersecurity, in partnership with other federal agencies.
In its August 2017 proposed consent agreement with Uber, the FTC alleged, among other things, that the company’s unreasonable security practices resulted in a May 2014 data breach. But there’s more to the story now. According to the FTC, Uber experienced another breach in the fall of 2016 – right in the middle of the FTC’s nonpublic investigation – but didn’t disclose it to the FTC until November 2017.
Every business wants to forge an ongoing relationship with their customers. That principle takes on special significance for mobile device manufacturers when they need to issue security patches for the operating system software on their phones and tablets. Once devices are in consumers’ hands, are they getting the patches they need to protect against critical vulnerabilities? Are companies deploying those patches in a timely fashion and for a reasonable length of time?