Beefing Up Your Company's IT Security
47. How Secure is Your Wireless Network?
The use of wireless networks within many organizations and businesses is becoming more and more widespread. This includes banks, manufacturing assembly lines, airports, restaurants and one-person home offices. What's not so widespread, however, is the employment of information security measures in these wireless applications and networks.
Constant monitoring of access points is one of the best ways to keep a wireless network secure. The most basic security measure you can take with your wireless devices is to immediately change their factory-set passwords and enable encryption keys (commonly known as WEP) so that data transmitted through the wireless network is more protected.
48. Use a Firewall
A firewall is a software application that controls access to your network at the "perimeter," i.e., where it connects to the Internet. This "controlled access" ensures that internet users only have access to particular services provided by your company's network (web servers, e-mail servers, etc.). Any attempts to access unauthorized information or services are blocked.
You can also use your firewall to block employees from accessing some outside information services, such as non-business-related websites or internet chat. Other common firewall add-ons include antivirus capabilities and privacy protection services to block proprietary information from leaving the building in any electronic form (e-mail, file transfer, virus activity, etc.).
For an added measure of protection, you can also add intrusion detection to your firewall. When a firewall allows internet users access to a company's website or other services, system vulnerabilities can also let in hackers. Intrusion detection systems can detect this type of activity and block the would-be hackers before they can do damage or steal vital company information.
49. Perform Security Audits Regularly
Security audits are one of the best ways to identify security risks and validate the protection devices you've already put into place. Comprehensive audits should thoroughly test for vulnerabilities of all systems, correlate the findings, test exploits, identify the true level of risk to the business, and detail remediation requirements.
Such audits should be performed at least once per year against the internal environment and every six to 12 months against the external environment. This frequency is a suggested minimum, and many companies rightfully prefer to test certain aspects of a full audit more frequently. Unless the knowledge, experience and manpower to perform such audits exist in-house, you'll need to consult an outside IT security expert.
50. Establish and Enforce a Security Policy
Security policies provide a roadmap for both IT and non-IT personnel on how your company expects employees to conduct themselves in any matter that affects the security of the business. In many cases, actions have an obvious impact, such as the disclosure of passwords to unauthorized personnel. But other potentially dangerous actions may be less obvious, which is why it's necessary to outline these risks and your security policies for all employees.
Other security measures you can undertake include swipe cards, changing passwords often, and restricting sensitive areas. A professional consulting firm specializing in security policy development can save time and money and ensure an up-to-date policy.
51. The Enemy Within
Companies usually try to patch every loophole and make every system impenetrable. But guess who knows more about these loopholes and ports of penetration than anyone? Your current and former employees. Disgruntled employees, former employees (especially those who've been fired), and even external service providers--anyone with "insider information"--are the most likely culprits of a security breach. It's for that very reason that four out of five IT-related crimes are committed from within an organization. Consider running background checks on employees as part of your hiring process, and change passwords after employees leave the company.
Smart Tips for Buying Software
52. Consider CRM
A customer relationship management (CRM) solution can help you streamline customer service, simplify sales and marketing efforts, find new customers and generate more revenue from existing customers. You can record customer interactions with sales and customer service personnel and keep a centralized database with current customer information that everyone in your company can access. This will allow your entire organization to understand what each customer wants and needs and give you a 360-degree view of your business 24/7, which will help you keep customers happy and boost your bottom line.
53. Keep It Legal
Make sure your business is always BSA compliant. The Business Software Alliance (BSA) is a trade association made up of leading software makers whose job it is to make sure that businesses aren't using pirated versions of their software. If you think making illegal copies of software instead of buying it is cheaper, it's not. Federal copyright law specifies up to $150,000 in damages for each infringed work and BSA is on the hunt for those violating their copyrights. You're better off buying it in the first place.
What to do? Spend a lot of time making sure every program in your company is legal. Yes, it's expensive and hard to keep employees in line, but you don't want to get a visit from the BSA.
54. Take a Test Drive
Try it before you buy it. Check out software company websites for downloadable demos that can help you better gauge how easy their products are to use. If a demo version isn't available, there's usually a detailed online tour that gives you a lot more information than a paper brochure. And before you buy the package outright, check with the software company to see if it's bundled with other software or equipment that you might be in the market to buy anyway.
If you're shopping for a new accounting package or other critical software, consider doing a "scripted demo," where you enter your data and run through test scenarios specific to your business's transactions. It may be time-consuming, but if you buy the wrong software, it will be more costly later.
55. Get Automated
Take a good look at your business and pinpoint those activities that take more time than you'd like--the ones that make you mutter to yourself "There must be something out there that can do this quicker than I can." No doubt, there probably is. For that matter, think about those activities you never seem to have time to do. From tools for creating websites to time-billing software, new products could provide brilliant solutions to problems you haven't yet resolved. Make sure, though, that the solutions are worth the money and time you'll have to spend to implement them successfully.
56. Evaluating Your Software Needs
Before you rush off to buy software, keep in mind that you have several factors to consider other than just the capabilities and costs of the software. Your selections should be based on your company's size, industry, internal organization, computing environment, technical expertise and, of course, the ever-important user interface. Even a great product can end up being a nuisance if it's not intuitive to you as a user.
Re-evaluate your company's staple software. For each program, draw up a wish list of features or enhancements that would make using the package easier. Often, the solution may be as simple as an upgrade to the latest version available. Consider hiring an IT professional to examine your system and business needs and tell you whether you even need to upgrade. Getting an expert opinion can be a money-saving move for small-business owners who would rather spend time keeping up on the latest developments in their industries than on the latest in software.
Accepting Online Payments
57. Choosing a Shopping Cart Program
Even if you've got the best-looking site selling the best product at the best prices, you'll lose customers if your shopping cart system is difficult to use. It's important to make the right choice early on, but first ask yourself if you actually need a shopping cart. If your site sells just one or two products, you can probably just set up an online order form for those products, rather than needlessly complicating your life managing a shopping cart program.
If you do need a shopping cart, look into an ASP (application service provider). This means that the service is hosted and maintained by a third party. ASP carts are easy to set up on your site and you don't need advanced programming skills to get them to work. Most ASPs also offer package deals that include a merchant account and payment gateway so you won't have to go through the hassle of trying to get those things sorted out separately. Though an ASP won't have a personalized look, when your company grows you can either buy software or hire a programmer to customize it for you.
58. Credit Card Industry Terms to Know
The following are terms you should familiarize yourself with as you shop for a card processor.
- The discount rate: The percentage of each transaction paid to the merchant account provider. If your monthly charges are less than a certain volume, the processor may charge a higher percentage.
- Transaction fee: A flat rate charged for each transaction processed.
- Equipment: Some examples include point-of-sale terminals, printers and peripherals. Also find out about installation costs, which may or may not apply to internet-only business owners.
- Monthly minimum fees: These are minimum fees that the merchant account provider collects each month from the merchant if the merchant's discount rate and transaction fees don't add up to the monthly minimum specified on the original merchant application. It is usually about $25 per month if the monthly minimum volume isn't reached.
- Reserve fees: If your credit history is in question, or if you own a new or high-risk business, you may be required to set up a reserve account, which protects the processor from any future losses. The reserve account is calculated as a percentage of your sales.
- Chargeback fees: These are the costs charged by a processor to cover disputed charges.
59. Security and Fraud Prevention
Process all credit card payments in real time using Secure Sockets Layer (SSL) technology, which encrypts all confidential information during the transmission and authorization of transactions. This can be part of your shopping cart program, or you can purchase the technology separately from companies like VeriSign.
You can also protect yourself using MasterCard's card validation code 2 (CVC2) system and Visa's card verification value (CVV2) system. Visa and MasterCard have imprinted three-digit codes on all their cards to help determine whether a genuine card is being used in a transaction. These are especially helpful in online and phone orders, since merchants don't have the card in front of them to run its magnetic stripe through the system.
60. How to Accept Credit Cards
The first step is to set up a merchant account with your existing bank. If your bank says no, try other local banks or companies like Cardservice International or VeriSign. A typical fee schedule for a small-volume account (fewer than 1,000 transactions monthly) would include startup fees of about $200 and monthly processing fees of around $20. Any vendor that sells you credit card processing should also provide a secure transaction environment as part of the package. If they don't, look elsewhere.
Be sure to ask prospective processors about the costs of storefront solutions that you must have to effectively operate your website, such as shopping carts, web hosting, payment gateways, virtual terminals, virtual checks, databases for fulfilling orders, customer tracking, and a way to calculate tax and shipping charges.
61. Giving Customers Payment Choices
Credit cards are the most widely accepted form of payment on the web--they're secure, fast and convenient. Online merchants can also offer their customers the option to pay with debit cards, money orders or electronic transfers from their checking accounts.
Services like BidPay.com allow customers to purchase Western Union-branded money orders with their credit, debit or charge cards, and then send the money orders to you along with an e-mail notification saying the payment is on the way. Western Union's MoneyZap service lets buyers pay merchants online from their existing checking accounts by transferring funds electronically.
And then of course there's PayPal, which lets consumers send money to anyone with an e-mail address through their credit card or checking account. Consumers sign up once for the free service--after that, they use their account number to buy products online securely, conveniently and cost-effectively.