With that in mind, I thought I would put together a few tips for staying safe this Christmas.
 

Beware of Email Scams

An increasingly common scam sees an email with an enticing offer or alarming warning sent with a clickable link. It is a trivial matter for a criminal to pass an email off as originating from a legitimate source, so be careful. If emails contain spelling or grammar errors, or if their address looks suspect (e.g. site@websiteoffers-com.co) then it is likely to be a scam. To be on the safe side, you should refrain from clicking links in emails and instead visit the site manually.
 

Always Look for the Padlock

When buying items online, ensure that there is a closed padlock in the address bar. If there isn’t, your transaction is not encrypted, and anything you send could be intercepted by a third party. Legitimate online retailers will always process payment information over an encrypted connection. However, be aware that the padlock itself isn’t proof of a legitimate site, as free services such as Let’s Encrypt, and Cloudflare can provide SSL certificates to virtually any website. If you’re purchasing from an unknown retailer, then do your homework first. Look for reviews, check the site has contact information and remember the golden rule – if it sounds too good to be true, it probably is.
 

Beware of Fake Charities

It’s only natural that we feel a bit more giving around Christmas time. Scammers are aware of this too. Social media adverts and emails have been found to contain fraudulent appeals mirroring real-life campaigns. If you’re planning to make some charitable donations, then make them directly to the charity and not via a third-party, or through a link you’ve found online.
 

Beware of E-Cards

Environmentally conscious individuals increasingly prefer to send e-cards instead of traditional cards. If you receive one that requests you do something (click a link, download software, etc.) before it even tells you who it’s from, it may be a trap designed to download malicious software (malware or ransomware). Don’t open e-cards unless you recognise the sender and can be reasonably sure the card is legitimate.
 

Christmas Delivery Scam

In a real-world scam, victims of identity theft have reported receiving goods they didn’t order (such as mobile phones or games consoles) only for the delivery company to later phone up, claiming a mistake has been made and requesting to retrieve the goods. Inevitably, the person who comes to collect the “mistaken” delivery is the person who ordered the goods. In this scam, a person’s details have been used to obtain credit and purchase items fraudulently. If you receive anything you’re not expecting, then report it immediately to the sender and check your credit record for strange activity.

Ditto for Emails

Fake dispatch and delivery notifications are common and ramp-up at this time of year. The cybercrook hopes that in all the chaos of managing so many deliveries, you’ll let your guard down enough to click the links informing you about the item that’s been dispatched or the missed delivery. Keep your head and make sure you know what you’ve ordered, who from and when it should arrive. It might spoil the surprise, but try and let people know when you’ve sent them gifts too. Otherwise, you could click a link that tries to phish your information or put malware on your computer.

Be especially aware of the ‘Redelivery Fee’ scam where emails that appear to come from well-known companies like Royal Mail and DPD inform you that you’ve missed a delivery and need to pay a modest fee to book redelivery. The overwhelming majority of delivery companies do not charge for redelivery. In this scam, you will be sent to a phoney form intended to harvest your card details so that the scammers can make hundreds of pounds in charges to them, often while you’re sleeping.

If you receive such an email and suspect it might be genuine, a thirty-minute confirmation call to Customer Services is a lot less trouble than a thirty-minute call to your bank’s fraud department.
 

Email Attachments Can be Dangerous

You also want to ensure you’re not opening dodgy email attachments. Watch out for Word documents, PDFs and Excel spreadsheets attached to emails as all of these can be embedded with malicious macros or code. If an email looks legitimate but contains such a file, be certain that you know who sent it and why. Business owners often receive fake emails purporting to be from HMRC about corporation tax problems, whereas consumers may receive them about deliveries or invoices. If in doubt, contact the supposed sender.
 

Deceptive Online Games

You might give your children a new phone, tablet or gaming device this Christmas. Ensure that they’re aware of online games, particularly of the “pay to win” variety. Although not a scam, many mobile games use a microtransaction system where helpful items can be purchased in-game with a few clicks. Unaware parents have found their children have racked up bills of hundreds or thousands of pounds. Make sure that you are aware of any account that is linked to your payment information.
 

Looking for Love?

Many people receive emails daily from people claiming to have “found” their profile, even if no such profile exists. However, statistics show that at this time of year, more single people feel lonely and look for a new love on dating sites. Scammers know this too and set up fake profiles looking to hoodwink a few free gifts from unsuspecting users. If someone you’ve just met on a dating site begins to pressure you to send them gifts or spins a tale about a tragedy that has recently befallen them leaving them in need of money, be suspicious.
 

Avoid Christmas Screensavers

Scammers often like to take advantage of people trying to make their homes look Christmassy. You’ve put up lights, decorated the tree, covered everything but the cat in tinsel so why not add a fun looking Christmas theme to your computer? While legitimate vendors such as Microsoft, Apple, Google and Firefox might make such themes available, so too do a lot of crooks. That fun looking festive screensaver that you’ve downloaded from a previously unknown site could be doing all sorts of nefarious things in the background.
 

Make Sure Your Devices are Secure

The best thing you can do to protect yourself online is to have adequate security in place. A good firewall, anti-virus and anti-malware package helps to prevent malicious software installing keyloggers, ransomware or browser hijackers and keeps your information safe. Even so, be sure that any application you install is something you recognise. A still-common scam is for an antivirus you never installed to claim there are problems with your computer and demanding payment to fix them. It is highly probable the “antivirus” is itself malicious.

The post Avoid Scams and Have a Happy Christmas appeared first on Robin Lines Associates.

The following is not a comprehensive list, nor is it legal advice. It is intended as a quick guide of things you need to consider.

Perform a Data Audit

If you’ve been trading for any length of time, you’ve probably collected quite a bit of personal data from your customers. Names, email addresses, phone numbers, etc. There has been a tendency to gather more data about an individual than a business needs. Therefore, you should run a data audit.

Look at all the data you’ve collected and ask yourself ‘what do I need this for?’ If you’ve got an address for a customer you with whom you haven’t had contact in several years, it might be time to think about deleting the information.

The more data you keep about your customers, the higher your risk should a data breach occur. The new GDPR rules put the onus on you to delete data that is no longer required after a reasonable period, but this is good practice anyway. If the worst should happen, the fewer records affected, the better.

Another question to ask is whether your people are taking data offsite. If they are, do they really need to do that?

Using the Cloud? Encrypt!

You would have to be living under a rock not to have seen ‘The Cloud’ marketed as the greatest business innovation of the past decade. However, storing lots of information in The Cloud isn’t without its risks. You’re trading whatever security setup you have on your local machines for the security provided by a third party.

Cloud data breaches are comparatively rare, but they do happen. Encrypting data before you upload it to The Cloud – particularly if you’re a sole trader using personal services – provides an extra level of security in the event of a breach.

A variety of services exist to encrypt data in The Cloud. The best ones use zero-knowledge encryption.

Take Backups and Encrypt Them Too

The rise of virtual offices and working from home means that a lot of small businesses or sole traders run their business from a laptop or two. Without taking adequate precautions, a hard drive failure or spillage can prove very costly. It’s vital you get into the habit of backing up your data regularly and securing those backups with encryption.

You should also turn on any encryption utility you have on your device to make sure that should it be lost/stolen, you have a better chance of not passing on info to criminals.

Turn on Two-Factor Authentication

It can be inconvenient, but many services now offer two-factor authentication. What this means is that a username and password is no longer all that is needed to access an account. Use of physical authenticators or a smartphone app requires an extra piece of information – usually a security code – to be entered to grant access.

There are some risks with two-factor authentication. If you lose your third-party authenticator you might have to go through a time-consuming process to regain access to an account but it’s a small thing compared to the extra layer of security.

One Password to Hack Them All

Do you use the same password for everything? You shouldn’t. If one service you have an account with is breached, all your accounts are vulnerable – and by extension, all your client’s accounts too. You should use a different password for every online account. It might be a nuisance when you suddenly find you need hundreds of different passwords, but it is a vital step towards good data security practice.

There are password managers out there that store your passwords in an encrypted form you may find useful. Many can even generate secure passwords for you. Some examples are LastPass and RoboForm. Note, however, that you are transferring trust to a third-party and you should always do your own due diligence on whether this is the right solution for you.

Be Suspicious

Most malware infections are triggered by opening attachments or clicking links in emails. Ransomware is a particularly nasty new trend whereby your files are encrypted by criminals who demand a fee to unlock them. In many reported cases, the files remain encrypted even after the ransom is paid. Criminals gather email addresses wherever they can, including from publicly available information.

If an attachment arrives in your inbox, even if it appears to come from a legitimate source such as HMRC or a client, don’t be in a rush to open it. Email addresses can be spoofed with basic IT know-how. Instead, ask yourself, are you expecting an email with an attachment? If not, does the email itself indicate what the attachment is? Is it written in the style of the person purporting to have sent it? If from an ‘official’ or government address, are there basic grammar or spelling errors?

If you are not certain the email is legitimate, simply email the person who is purported to have sent it and ask them whether they did. If it is genuine, it might be a bit embarrassing, but they may well appreciate your approach to security.

Don’t Use the Same Email for Everything

It’s easy to use the same email address for everything, particularly if you’re a sole trader. However, you shouldn’t. Not only does it lead to a disorganised inbox, it makes you more susceptible to the type of threats listed above. Try to have different email accounts for different purposes – one for business, one for bills, one for shopping, one for entertainment, etc.

It might sound cumbersome, but it can save you time and headaches. It also means that if you end up on a dodgy mailing list by accident, you’re not risking hundreds of nonsense emails landing in your business inbox. Remember, it’s a lot easier to change your bills or shopping email address to something new if the junk becomes too frequent than it is to change your business email address.

Remember the Basics

Don’t forget the basics of data security. Ensure that you have up-to-date protection against viruses and malware and that all your systems use a firewall. Ensure that you have a policy in place on what to do in the event of a lost or stolen device containing customer data. Always be security conscious – it’s easy to leave a laptop or phone in the back of a taxi when you’re rushed.

Finally, if you employ others, make sure that you keep them up-to-date on all data security policies and threats. It’s surprising how many issues occur because people forget to tell their people.

The post Small Business Data Security Considerations appeared first on Robin Lines Associates.