Screen shot with the word "Cybercrime"

Working in my family lumber business has taught me invaluable lessons. Early on, I saw the process my father used for keeping information secure.

At the end of each day, he would verify all handwritten invoices for the day and place these in a large safe. Then at the end of the month, one person would drive the invoices over to the accountant. The accountant would post these invoices into a posting machine. We would return and pick these up with printed statements, stuff customer envelopes, and place the envelopes in the mail. Usually by the 10th of the month we would receive payments, manually enter the payments in a ledger [also kept in safe], and deposit checks in the bank.

When I turned 12, we installed our first computer system and we stored data on a removable platter, which we also kept in the same safe.

These were secure systems, as we monitored the travel to the accountant’s office, bank, and the opening and closing of the safe. We were in control.

Today many lumberyards operate their accounting software systems, email, and vendor communications through the cloud. These servers are typically hosted offsite by a third-party expert.

Are we secure?

There is no doubt we have become more efficient, but we have also added to our risks. There is not a day that goes by when I don’t read about another company getting hacked. And now smaller companies are getting hacked because they typically have the least amount of security.

Security must take place from the store locations and data centers. We must also secure the input devices, including laptops or tablets, smart phones, and desktops.

While we depend on our IT security experts to keep us secure, end users must also take ownership. Your company can have a strong IT department, but if a user stutters and gives away a password or releases company data, you are at risk.

Here are 10 simple ideas to help stay safe:

1) Provide Security Awareness Training for your employees. Sharing this article with them is the beginning of the training.

2) Use different IDs and passwords for different sites, and change your passwords every 90 days.

3) When an employee is no longer employed, change all known passwords and secure all data.

4) Keep all security software up to date.

5) Never transfer funds from your bank just because you are notified via an email. Check with the sender first, usually in person or via phone.

6) Pay attention to emails and don’t download .zip files or other files that require you take action. Sometimes these contain viruses that will encrypt your files and hold your data ransom.

7) Log out of your computer when you are away from your workstation.

8) Never access sensitive data from public networks like coffee shops or airports.

9) Understand where your shared data resides. Does it reside on smartphones, home computers, shared drives? Is it secure?

10) Invest in cyber insurance and protect yourself.