Simon Paul Thurston

It happens to the best of us.  You’ve just finished conducting your business for the day through Paypal.  As you check your email one last time before shutting down for the night, you notice a new email from Paypal stating that as part of one of their standard system upgrades, they are asking all users to log in and verify their personal data.  Without thinking (after all – you’re exhausted after a very long day), you click the link and try to log into Paypal.  The login fails.  After a few seconds, it dawns on you – you’ve just been phished.

Phishing (pronounced as “fishing”) is defined as the act of sending an email to a recipient under the guise of coming from an established, legitimate business.  The intent of the phisher is to scam the email recipient into surrendering private details, and to ultimately steal your identity and/or your money.

Phishing can be quite damaging for individuals, but even more so for businesses who are depending on profit for the daily necessities of running the business.  And to make matters worse, it isn’t as easy to recognize a phishing email as you might think.  At first glance, the email looks like it comes from a legitimate company.  The “From” field of the e-mail may have the .com in the sender’s address.  The clickable link even appears to take you to the company’s website.  In fact, it is a fake look-alike website built to replicate the legitimate one.

Many of these scammers are professional criminals.  They have spent a great deal of time and energy creating emails and websites that look authentic.  Users need to carefully review all emails that request personal information.  When reviewing your email, remember that the “From” field can easily be changed by the sender.  While it may appear that it is coming from a .com that you do legitimate business with, this is part of the deception.  The phisher will even copy logos or images from the official websites to use in their emails.  Finally, they also try to include a clickable link that the recipient can conveniently click on to update their personal information.

An excellent way to check the legitimacy of the link is to point at the link with your mouse – but don’t click.  If you look at the bottom left-hand side of your screen, the actual website address you will be directed to will show up for you to view.  This is a very quick and easy way to know if you are being directed to a legitimate site or not.  However – look at the link carefully.  Sometimes phishers will make their fraudulent website’s link name even appear very similar to the legitimate website’s link name – so look at the link very carefully.

Better yet – follow the golden rule.  Never click on links within the text of an e-mail, and simply delete the email immediately.   If you believe that it might have been a legitimate notice, simply open a browser and go to the website of the company that sent you the email.  Log into your account and check for yourself.  This is the only way to be absolutely certain that you are logging into the actual website – and not a fraudulent site created by a criminal who is intent on obtaining your private information.

When you are running an online business – security is critical.  You will be running a multitude of accounts including web hosting, image hosting, financial accounts, project accounts, and more.  You may be traveling on the road with a laptop quite often, finding yourself plugging into public networks across the world.  Because of this, your computer and everything that’s on it – including sensitive financial and other business data – will be vulnerable to outside access if you don’t properly protect yourself.  The second issue of concern is data loss.  If you don’t protect your data, then when a crisis happens you will be in a world of hurt.  Your child might dump orange juice on your keyboard, or a power surge or equipment failure might wipe out your entire hard drive.  Remember – in business, data is not only critical, it can mean the difference between gaining customers or losing them.  Easy access to your data, and safe storage of that data, will ensure that your business will never need to suffer through the catastrophy of data loss.

Information Security

Make sure that you have the latest and greatest virus software installed on your computer - and your subscription is valid.  Virus software is worthless unless you have the latest updates…because the virus threats that are out there change on a daily basis.  Professional hackers are out there constantly trolling the internet for unsecured computers to access financial information, install spyware or keyloggers, or somehow otherwise access your data.  Software such as Norton Internet Security will block any traffic that your computer has not requested.  McAfee and other Virus software providers have similar products that work just as well.

Install it, and pay the small fee that will offer you an entire year of free updates and solid protection from the threats that exist out there on the open internet.  Also, regularly run programs like SpyBot and AdAware that search for and clean your computer of spyware, adware, and malware.  These are all versions of virus-like software that have some malicious intent, such as monitoring your internet usage, logging your keyboard use, or something else.  It isn’t likely that you have any terrible software like that – most of the software out there like this only look for marketing information to determine ad displays when you visit a site.  However – there are some malicious applications and it’s much better to play it safe and protect your critical computer system and business data.

Protect your Data

Finally – constantly ensure that you have a backed up copy of all of your business data.  Correspondence, financial data, schedules, project work, and other files related to your business, when lost, can critically impact the success or failure of your business.  Protect it! 

 First - take a weekly full backup of all of your data files to a thumbdrive, or burn it to a rewriteable CD.  Personally I like thumbdrives, because it is extremely convenient – and depending which computer I’m on, I simply “sync” the data on the thumbdrive to a mirror directory on the computer I’m at.  In other words, when I’m on my desktop, I recopy all thumbdrive files to my desktop computer.  When I’m finished my work on that computer, I copy all of the files back to my thumbdrive.  Later, when I get on my laptop, I copy all thumdrive files to my laptop, do my work, then copy all of the files back to the thumbdrive.

 This way - there actually three backups.  So if either the thumbdrive, laptop, or desktop fails because of a virus or hardware problem, then I still have two copies of all of my data.  This is a redundant system that provides two levels of protection.

An additional form of protection is to use software like Acronis True Image, or Norton Ghost.  All of these software packages will take a “ghost” image of your computer for a full backup.  This means that not only are your data files stored away – but your entire computer’s image is backed up to cd.  This ”image” includes everything – your desktop, user settings, installed software, registry settings.   So if your computer ever crashes after a lightning strike and you lose your hard drive – you can simply buy a new hard drive, install your backed-up ghost image back onto it, and it’s like your computer never died.  Everything is still there - including every last shortcut you placed on your desktop, and every little piece of software you ever installed on your computer.

Information Security is a critical piece of protecting your online business from real crisis.  Take the time and invest the necessary resources to insure that all of your important data is secure and well protected.  There will come a time when you are very happy, and relieved, that you did.