Last Updated on Mar 25, 2020 by James W
Running a home business has many benefits but also a few downfalls. Most important of these is that while you will be in complete control of your financial data, that data is no longer protected by corporate security protocols. If your business accepts payments from clients or necessitates the retaining of client information in any way, it becomes your legal responsibility to protect that data. Luckily, there are a few simple things you can do to assure that the financial data of your home business remains secure and protected.
CIA (Confidentiality, Integrity, and Availability)
Much of the financial data stored today is stored on digital devices like personal computers and shared across the internet between business owners and clients. To protect this data requires an understanding of basic information security. A benchmark used for evaluating the security of information systems is CIA which stands for confidentiality, integrity, and availability of information. Essentially, to protect the financial data of your home business, information must remain confidential, possess integrity, and be readily available to those who will need to access it.
For information to be confidential, only “the right people??? should be able to access it. If information is not limited to authorized users who have been properly screened, it can be accessed by anyone. Because confidentiality protects your privacy, that of the business, and that of your clients, failing to pay attention to information confidentiality can become a violation of your client’s privacy. Laws such as the Privacy Act of 1974 and numerous others have been enacted to prevent such violations of privacy. In short, if you fail to pay attention to information confidentiality then you risk violating client privacy and legal statutes created to protect it. Integrity speaks to the trustworthiness of the information resources. If the information is confidential but cannot be trusted, then it is virtually useless. Further, if this is financial data and it is being shared with others confidentially but without integrity, you again risk litigation. One need only remember the Enron scandal in which misrepresentation of profit, revenue, and other financial data led to the imprisonment of numerous executives and the bankruptcy of the corporation.
Lastly, the information resources must be available to those who need access to it. Even if your financial data is confidential and possess integrity but is not available to employees, customers, clients, or yourself when you need it, then it will be incredibly difficult to run your business.
Cryptography and Steganography: Encrypting and Hiding Information
But that information can only be made available to those who possess the proper credential to access it. Clients may be able to access their own information but should be able the data of others. Further, to maintain confidentiality and integrity, cryptographic and stenographic methods need to be taken to protect the data. Cryptography is the science of encrypting data so that it cannot be accessed or viewed by prying eyes when it is sent across non-secure networks like the open internet. Stenography doesn’t encrypt the data from third parties but hides the data entirely. A portion of text may be encrypted or hidden within a JPEG.
Typically, data encryption is sufficient for home business. Stenography is used by large government and corporate entities that must risk cyberattacks by terrorist organizations and the like. There are numerous modes of encryption and a vast variety of software created for cryptographic purposes. You can encrypt an entire disk so that all the data on it is protected, individuals files such as spreadsheets and documents which might include confidential information, email encryption to protect information emailed across the internet, portable drive encryption for USB drives that could easily be stolen, and many others.
The use of a virtual privacy network (VPN) is the best way for encrypting data sent out onto the internet. A VPN reroutes your internet data through a third party server where it is encrypted before transmitting out to the rest of the internet. In a sense, it gives you a secure tunnel for your data to travel through. The data coming back to your device is also sent through the secure tunnel, providing protection for all the data coming and going. You and your data remain invisible to potential hackers, identity thieves, and other parasites. A VPN has other benefits as well.
Secure Web Browsing With HTTPS
Many websites that process financial information use Hypertext Transfer Protocol Secure (HTTPS) certificates rather than simple Hypertext Transfer Protocol (HTTP). The main difference between these two certificates is that HTTP is an unencrypted certificate while HTTPS encrypt all of the communications between your browser and the website. Discovering whether a site is encrypted using HTTPS is simple. Take a look at the screenshot below and look toward where the arrow is pointed:
As you can see, PNC uses HTTPS which assures that data transmitted between you and their website is encrypted. When using sites where important personal and financial data is to be shared, it is necessary to always assure that the HTTPS is present. If you have to insert your credit card information, personal data, social security number, or any other such information, always make sure that you are doing so on an encrypted server.
Not all secure websites will have the long green portion before the beginning of the web address however. The presence of this illustrates that an extended validation certificate in addition to the HTTPS certificate has been issued to the website. While this doesn’t increase the cryptographic security of the site, it does illustrate that the business in question has gone through a more extensive validation process. For this, an HTTPS certificate should always be sought when sharing financial or personal data on a website while an EV certificate is meant mostly to increase the confidence of the user and should not be sought as a first priority.
Offline Methods of Protection
Not all of your business’s financial data will be shared online. Much of it will be shared via traditional print media. In order to fully protect financial data, you should look toward both the online and offline mediums where that information is shared. Make sure you check your mailbox regularly alerting postal service not to deliver mail when you are on vacation. While highly illegal, your mail can be stolen and used by those who want to do harm to you and your business. Further, after reading you mail, do not simply throw it in the trash. Shred it and burn it. Identity thieves have been known to dig through trash bins to acquire private information from their victims. They will have a great deal of difficulty reading shredded ash.
Protecting the financial data of your home business is a necessity if you wish for your business to thrive and to reduce the possibility of litigation being made against it. To do this, you must focus on the confidentiality, integrity, and availability of information. Encrypting data of all different sorts using a VPN and the various other methods in this article is the best way to do this. In the process of encryption, you must also be sure to use only web servers with an HTTPS certificate lest you risk sharing information along non-secure networks where it become easily available to hacker, identity thieves, and other predators. Finally, make sure you pay attention to your offline mail box to assure that no important documents can be stolen and shred and burn all of those documents once you have no need of them.