Tips for Holiday season personal and cyber security
Personal Security Tips
It’s that time of year again! This is it. This is “go” time for the jewelry industry. All of your waking moments are going to be focused on maximizing profits with great holiday sales promotions and incentives. This is also the time of year when criminals will be out and about hoping to capitalize on the same set of circumstances. They are banking on a target-rich environment with all of America out shopping for the holidays. So, don’t let your guard down. Let’s look at a couple of areas of vulnerability that you have.
Let’s start from the outside looking in. Many holiday season robberies occur in parking lots. No one from the jewelry business should walk out alone! Call your local law enforcement agency and ask for random patrols. If you own the property, make sure that your parking lot has adequate lighting and that your external cameras and lighting systems adequately cover your parking lot. If you are in a strip mall, talk with the property management company and make sure that all of the street lights are in good working order to take away dark areas. Many stand-alone locations use some type of window decorations for promotional purposes. Make sure that you can see out and that a police officer or security guard can see in.
During the overnight hours, I cannot stress how important it is to secure your inventory in a safe or vault, no matter the value. You may know that it is costume jewelry, but an opportunistic thief will not. The damage that they do trying to get in can still cost as much as losing your inventory. The “cover with a sheet” method of securing jewelry has cost many a jeweler a ton of money!
On the inside during business hours, have a “greeter” at the front door. Nothing says “we pay attention” like a smiling face making direct eye contact. If you have cameras, have a monitor that is clearly visible and that shows that the front door is watched and that it is being recorded. You can also do a split screen with promotions running beside the security image! Re-arrange your inventory so that your most valuable items are the most difficult to get to, to prevent a snatch-and-run robbery. If all of your valuable items are at the front door, it makes getting away so much easier. Lastly, have a team meeting at the beginning and end of each business day. Talk about sales goals and security. You will be amazed at how much this simple thing increases your security and your sales!
Cyber security: Protecting your reputation and sensitive information
Having a full-time IT staff may not be an option. However, protecting your sensitive information in today’s information age doesn’t have to be difficult. Realistically, securing your business’s sensitive information falls into 3 categories: device security, encryption protocols and, finally, employee behaviors.
1. Device Security
Securing your device can simply be accomplished by placing your devices behind some form of barrier. That can be a locked door or gate. Many businesses use laptops, tablets and smartphones. Each one of these devices can be connected to your business network, so physically securing these devices is paramount.
Make sure that you do not leave these devices within easy reach, that they are properly stored in the private areas of your business, and that the display screen is not visible to the public. Secondly, no unauthorized person should be able to physically access the computers, tablets and smartphones that are a part of your network. This can be accomplished by appropriate signage and gates that delineate off-limits areas. A common mistake that we see is that many businesses will allow a customer to use their private restrooms, which allows someone to have access to these devices.
Isolate your payment portals from your other business programs that are less secure. We also strongly recommend that you do not use the same computer to process payments that you use to surf the net.
Back up the data on your computers. All of your sensitive information, such as financial, HR, inventory and cost data, should be backed up nightly and preferably off site with a trusted secure data storage system. Routinely update your security software, web browsers and operating systems. This is one of the best habits that you can develop to protect against computer viruses and malware programs. Finally, make sure that you have installed a “Firewall program” and that it is “Enabled”.
Imagine what would happen if your competitors were able to obtain your vital business and proprietary information. This could have disastrous consequences. However, the consequences of cyber criminals obtaining and sharing your hard-won customers’ sensitive information could put you out of business. Target, Home Depot and other international brands are fighting this battle now.
2. Encryption protocols
Develop a password protection program. Ask yourself this question: Does this device allow access to our business network, or is it a portal to sensitive information? If the answer to that question is “Yes”, then it requires a password. Not a simple password, such as your business name followed by “123”, but a password that is not easily bypassed.
Every employee should have their own username and password in order to access your network. Secondly, these passwords should be routinely changed on a quarterly or better basis. If you have a “master password” that everyone uses, you are needlessly exposing your business to a significant risk. (This also applies to your business alarm.) If you are using a wireless network, ensure that it is not broadcasting your wireless network’s name, or SSID.
You may allow your customers and guests to hop on your wireless network. If it is your business network, you will be putting all of your sensitive data at risk. You can accomplish the same thing by setting up a “Guest network” for your customers. This will insulate your business network and allow your guests to surf the net without putting your business at risk.
Be aware that cyber criminals may pose as a customer in order to socially engineer their way into your data systems. They may ask for a wi-fi password so that they can surf the net. Developing encryption and secure password protocols significantly lowers your exposure!
If you have not already done so, establish network security policies and make sure that the policies are enforced. You will have to set specific guidelines and spell out what is and is not acceptable behavior, and the consequences.
Keeping employees away from non-business-related websites should be your goal for every device that is connected to your network. Email represents a significant risk; do not click any suspicious links or emails with dubious origins. Keep in mind that with the proliferation of tablets and smartphones, your employees have a wide range of options to surf the net on their own devices. If they do use your wi-fi, make sure they are signed on to the “guest network” mentioned earlier.
We recommend that no one employee be given complete access to the entire data system. The employee’s access level should match their responsibility. We have often seen that employees will routinely forget to log off at a computer and another employee will jump on the system using someone else’s credentials. In many cases, this boils down to simple mischief, but the reality is that you can open yourself up to significant risk. There are a plethora of relatively inexpensive log-on tools on the market.
As a jeweler, you and your employees are not in the security business. What you may perceive as a harmless request, such as using the bathroom or asking for your network’s wi-fi password, can be a brute force attempt to gain access to your sensitive data. Similarly, anyone wanting to attach some type of thumb drive or “charge” their phone with your computer also represents a risk! Cyber-security is constantly evolving due to the exponential increase in technological capabilities. You can lower a lot of your risks by adopting these cyber security principles.