In The War On Small Business – You Are The Biggest Threat
Last week, I talked about the five biggest threats to your small business and how to recognize them. The fifth thing was to look in the mirror. Why? Because you are the weakest link in keeping your business secure. Period. Even if you disagree with me, and plenty of folks do, taking a few simple steps to protect yourself, your family and your business is all it takes to make a big shift in security.
First, you have to change your mindset. Here are three new things to try on for size. This week's is the first, and the most important one, in my humble little opinion.
What does this mean? It means everyone has the right to question the boss when it involves the potential sending or disclosure of sensitive business information or personally identifiable information. Don’t make it tougher than it has to be. When an order to disclose or send information is received through email, the person who received the message gets to call the sender and make sure that’s what they meant to do. And why.
Here’s how it works. Before any of this happens, the company sends out a policy that says every employee has the right to contact the sender of an email when that email asks for the disclosure or sending of business or personally identifiable information (PII). If the CEO has an assistant, the assistant will notify the CEO (or business executive). Under no circumstances is the employee to be reprimanded or refused an answer.
- Employee receives an email stating “This is the CEO. Send me all the W-2s.” (Ask Seagate why that’s a bad idea.)
- Employee, realizing this is sensitive business and PII, calls the CEO’s office.
- Employee says “I have a Business and PII Verification Request” or something like that (use what works for your company).
- Employee tells the other party what request was received.
- The request is either approved or denied.
- Employee then, and only then, emails the requester with confirmation of the phone call.
- Employee drafts a new email – not a reply to the previous email – and sends the information.
NOTE – DO NOT reply to the email and ask “Are you sure you want to do this?” If the email is a scam to begin with, you’re simply asking the criminal for permission. This means you call, and you stop your biggest threat.
This might take 5 minutes – 10 if you have to follow up. The alternative is to lose thousands of sensitive documents, or maybe millions of dollars. It’s a no-brainer to me. What say you?
Next time – the second thing you can do to stop your biggest threat.