For small businesses, protecting your data against tech crime can be challenging.
From those in the know comes this: The best defense is a good offense.
“Have a written data retention policy. Have a crisis management plan and test it out,” Laura Tucker, deputy attorney general in the Nevada Attorney General’s Office Bureau of Consumer Affairs, said in a recent presentation on tech crime at the Carson City Chamber of Commerce.
That’s not enough, she said, adding:
-- Make sure your vendors comply with the Payment Card Industry data security standard; as a small business you must be compliant as well.
-- If a data breach does occur, use the crisis management plan, take breached computers off the network, and notify law enforcement and affected clients.
The online world is fraught with risk for businesses and individuals alike, Tucker and others said, and limiting the amount of personal information on the web is a wise course of action.
“People put a lot of information out there. Think about what your online profile looks like,” she said.
Tucker recommended regularly ordering free credit reports from ftc.org, placing a fraud alert if your data has been breached and even placing a freeze on your credit, which prevents identity thieves from setting up new accounts in your name.
“You can thaw it out for short period of times,” said Tucker, such as during a home purchase when you need to demonstrate credit worthiness.
Something as simple as sitting down in a coffee shop and without a thought connect your laptop or cell phone to a public network has become commonplace.
Don’t do it, others at Chamber event said. If it’s unfamiliar and doesn’t require a password, chances are the network was set up by someone nearby, maybe someone sitting across from you, to collect user names and passwords off your devices.
“Make sure your phone doesn’t automatically connect to open networks. Turn off Bluetooth. Someone with a skimmer can walk by and pull stuff off your phone,” said Alan Cunningham, information security officer, Washoe County School District. “Take the time to set up a password on your phone.”
Cunningham said it gets exponentially more difficult to crack a password the longer and more complicated it is.
A seven-character password using all lower case letters, for example, takes well under a second to decipher.
The same password with just one more lower case letter takes five hours. Make it nine letters and hackers need five days to figure it out.
Strong passwords should include both lower and upper case letters as well as special characters, said Cunningham.
“And please, please, please, if your bank offers multistep verification, sign up for it,” he said.
Individuals should also be aware of debit and credit card fraud after burglaries and scams associated with it.
“We had one case where they would steal the cards and then call and say they were a detective who needed more information,” said Sam Hatley, a detective in the Carson City Sheriff’s Office.
Other scams include people calling to say a family member was in jail and needed money wired or the caller claiming to be with the government.
“Never send anything via Western Union or Green Dot when asked,” said Hatley.
The biggest issue in Carson City, he said, is counterfeit checks.
“We get a lot of check fraud,” said Hatley.
“We had one couple who would get jobs, quit, and then counterfeit the paychecks.”
Also be aware of so-called skimmers attached to ATM machines that look like the bank’s scanning device but are put there to steal information when a debit card is used.
“I always give them a little tug to make sure they’re valid,” said Hatley.