Tax season already offers a bountiful supply of headaches and annoyances for small business owners: filing W-2s and 1099s, assembling financial information so the CPA can file the company’s income tax return, and maybe having a bill or two to pay as recompense for all the work you’ve done. If years past are any indication, businesses and their employees also need to worry about crippling viruses, malware and phishing schemes.
Since the moment computer users could reach beyond their walls to the virtual world, malware (software designed to secretly access one’s computer remotely) and computer viruses have flourished. Cyber scum always seems to stay just a step ahead of the latest Internet security protection, and businesses can probably expect a new wave with the coming tax season. But that doesn’t mean the situation is hopeless.
“Even though threats are going to increase, it’s not doomsday or Armageddon,” said David Marcus, director of security research for McAfee Labs. Marcus added that there are things that every business using computers can do to minimize their vulnerability.
But before one can fix a problem, one has to first identify the problem.
Slow down, you’re going too fast
You won’t find many business owners exhorting their charges to take it down a notch. But that strategy — at least when it comes to opening e-mails and attachments — might be vital in protecting your business’s data and systems. “Oddball things happen with one stroke of the mouse,” said Howard Sherman, CEO of RoyalGeeks.com in Matawan, N.J.
Computer users, explained Sherman, can avoid much pain and annoyance simply by slowing down and reading: Who’s the e-mail from? What does the message actually communicate? Is that message characteristic of something the sender would write?
Sherman points to last year’s tax season scam. He explained that the IRS never e-mails taxpayers; they always send snail mail. Yet many people opened the fake e-mail, not questioning the possibility that perhaps the IRS did not have a refund for them, and gave the scammers their Social Security numbers and bank account information. This type of scheme, where senders pretend to be a person or organization that they are not, is called phishing.
Sharing is nice…in kindergarten
There is, and has always been, such a thing as too much information. Twitter, Facebook and other social networking sites are giving new meaning to the concept. It’s one thing to broadcast how many minutes you spent on the treadmill. It’s quite another to publish your birth date or names of your family, things that could offer hackers information connected to passwords.
Yes, these are the kinds of information normally associated with one’s personal life. But keep in mind that many businesses let employees set their own password. Thus, the business becomes vulnerable because of the shared information.
There are a lot of mass-produced solutions to known threats that are available on the market. “They get you about halfway there,” said Marcus. “They’re not there to stop everything.”
Fighting today’s cyber scum requires a multifaceted approach. Marcus preaches behavior modification. It’s not enough to be aware that malware or phishing exists. Computer users have to change the way they interact with the Internet.
For starters, they can download attachments to a hard drive and scan them before opening. A pain in the butt? Absolutely. But how do you measure the value of corrupted data or the cost of productivity? Too often, said Marcus, “People take for granted that what is sent is okay. People need to step back and evaluate how their behavior might impact their computer.”
Safe searching technology can go a long way toward stopping malware. Marcus explained that safe searching technology is usually found as a plug-in to a browser that examines a website before a user commits to visiting. The browser stores — and then repeatedly updates — a list of websites considered to havens for phishing and malware.
Whitelisting is a protective technology that allows only certain types of applications to run based on their perceived safety, according to Marcus. Similar in that regard to safe searching technology — it’s another layer of protection that, at the very least, requires users to pause before proceeding.
More than anything, though, Marcus and Sherman preach common sense. And business owners have to accept the responsibility to teach employees — and themselves — how to change behaviors that can create risky situations.
- Paper Trail: A Guide for What to Save and What to Trash
- Countdown to Tax Day: What Businesses Need to Know
- Why Small Businesses Will Get More Credit Card Offers in 2011