Business Credit Scores 101

Are you a small business? Do you know your business’s credit score? The range is zero to 100 for most credit reporting agencies, with at least 75 being desirable if you want to be approved for financing and trade credit (business loan or line of credit), according to a report at NAV.com and Gerri Detweiler’s new book, Finance Your Own Business.

What determines the credit score of a business?

  • Size of business
  • Payment history
  • Outstanding debts
  • Credit history length
  • Credit utilization ratio
  • Industry risk
  • Public records (which the credit agencies are always inspecting)

The credit score of your business may differ among the credit reporting bureaus. The nav.com article summarizes the three most common bureaus below.

Dun & Bradstreet PAYDEX (zero to 100)

  • Based on the total number of payment experiences in D&B’s file, this is a dollar-weighted indicator of the company’s payment performance.
  • Vendors and suppliers favor the PAYDEX.

Intelliscore Plus℠ from Experian (zero to 100)

  • This credit risk score is statistically based and predicts the likelihood of payment delinquency in the subsequent 12 months.
  • This score incorporates multiple factors and is quite reliable.

FICO® LiquidCredit® Small Business Scoring Service (zero to 300)

  • The SBSS rates applicants by their odds of making payment deadlines.
  • The SBSS score is used for credit line and loan applications (up to 350K from the Small Business Administration).
  • 140 is the minimum score to pass the Small Business Administration’s pre-screen process.

Using Business Credit Scores

  • Lenders want to know how well your company pays debts. They won’t want to lend to you if your credit score is low.
  • When is the last time that you reviewed your business’s financial information? This should be done on a recurring basis.
  • Credit scores fluctuate and are not immune to calculation error. Contact the credit agency if you spot an error or it seems that your score is lower than it should be.

Improving the Credit Score

  • Companies can raise their score by avoiding late payments, among other actions. Improving the score won’t happen overnight.
  • Credit utilization should be about 25 percent.
  • Open several credit accounts.

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing identity theft prevention.

Protecting Your Business’s Data From Organized Crime

Organized crime rings are using brains, not brawn, to target small businesses and steal critical data. Protect your business by putting these 11 security measures into place.

Organized crime has always been known to be all about muscle … but even the bad guys have evolved. Seems organized crime syndicates have discovered that more money can be made in less time with less hassle simply by employing brains over brawn.

As technology and technology skills have evolved, it’s become painfully easy to employ hackers to break into small businesses’ networks and seek out sensitive data and personal information.

Meet the members of your friendly neighborhood crime ring:

Programmers: skilled technicians who write and code viruses that target a business’s network PCs.

Carders: specialists in distributing and selling stolen card data and sometimes transferring data onto blank “white cards” then embossing them with foil in order to create exact clones.

Hackers: black-hat intruders who look for and exploit vulnerabilities in networks.

Social engineers: scammers who may work with psychologists who dream up the different scams and then con victims via phone, phishing or in person.

Rogue systems providers: unethical businesses that provide servers for criminals.

Money mules: often drug addicts or naïve Americans who buy items at retailers with stolen credit cards. Some mules ship products, and others launder money. Mules may be from a foreign crime syndicate’s nation and travel to the U.S. to gain employment within an organization and open bank accounts to store money until transfer.

Bosses: in charge of the entire operation. Bosses delegate, hire talent and make all the money.

Why Target Small Businesses?

Organized criminal hackers all over the world use sophisticated hacking tools to penetrate databases that house a small business’s client data. In general, they’re seeking:

  • Social Security numbers
  • Credit card numbers
  • Bank account information
  • Home and business addresses
  • Birth dates
  • Email addresses

Why do they do it? Simple—their primary motivation is to get paid. They accomplish this by opening new lines of credit or taking over existing accounts. Transactions include making charges to credit cards, initiating electronic fund transfers or using email addresses for large phishing or spear phishing campaigns.

How Hackers Hack

Hackers are the bad guys who use penetration-testing tools—both legal and illegal—that are available commercially or only available on the black market. Their tools come in different forms of hardware and software that seek out vulnerabilities within a small business’s network.

Vulnerabilities may be physical, as in facilities vulnerable to intrusion, or may be people who are vulnerable to social engineering. Virtual vulnerabilities exist in a business’s Internet connection (whether wired or wireless), an outdated browser or an outdated operating system—any of which may be vulnerable if they don’t have updated security patches. Vulnerabilities can also be exposed via social engineering: A criminal simply gets on the phone, sends an email or shows up in person and cons a target using any of a variety of methods.

Protecting Your Data

There are plenty of ways to get taken. But there are also plenty of ways not to. The fundamentals of protecting your business’s data include:

  • Maintaining updated operating systems, including critical security patches
  • Installing and running antivirus, antispyware and antiphishing software and a firewall
  • Keeping browsers updated with the latest version
  • Updating all system software, including Java and Adobe
  • Locking down wireless Internet with encryption
  • Setting up administrative rights and restricting software, such as peer-to-peer file sharing, from being installed without rights
  • Utilizing filtering that controls who has access to what kind of data
  • Utilizing Internet filters to block access to restricted sites that may allow employees or hackers to upload data to Cloud-based storage
  • Possibly disabling or removing USB ports to prevent the downloading of malicious data
  • Incorporating strict password policies
  • Encrypting files, folders and entire drives

These 11 steps are a good start. However, standard security measures are never enough. Depending on the size, scope, type of data requiring protection, compliance and regulatory environment, possible insider threats, and what “bring your own device” policies may be in place, risks and threats must be defined and prioritized. This often requires consulting a professional.

There are two considerations small businesses must take into account that go beyond a low-budget, “do it yourself” mentality:

1. Data loss prevention and risk assessment software. This type of software monitors an entire network’s activities and behaviors to seek out events that might lead to a breach and then stop them before data loss.

2. Penetration testers. These are white-hat hackers who use similar tools as black hats to seek out vulnerabilities and exploit those vulnerabilities as far as they’re allowed by the client. They might use automated tools to seek technology vulnerabilities, or employ virtual or physical social engineering. For instance, some penetration testers will test the physical security of a building during or after hours. Penetration testing involves real-world attacks that have been proven to work elsewhere, along with seeking out flaws in a business’s networks.

The worst thing any small business can do is nothing. Failure to test your networks and put layers of security in place will inevitably result in a breach. Forewarned is forearmed.

Robert Siciliano, CEO of IDTheftSecurity.com, personal security and identity theft expert and speaker, is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock ’em dead in this identity theft prevention video.

Protect Your Small Businesses with Secure Flash Drives

USB flash drives are handy little devices that can cause big security headaches. Even with robust data security policies, USB drives often fall through the cracks (and out of pockets). These flash drives are often used by employees for both personal and business use, which could potentially spread a virus from a home PC to the corporate network.

Additionally, lost USB drives, among other devices with storage, can cause even bigger headaches by resulting in data breaches. A survey by a U.K.-based company found that last year, 4,500 USB flash drives were forgotten in the pockets of clothes left at the dry cleaners and thousands more handheld devices were left in the back seats of taxis.

Computerworld reports that a 2007 survey by Ponemon of 893 individuals who work in corporate IT showed that USB memory sticks are often used to copy confidential or sensitive business information and transfer the data to another computer that is not part of the company’s network or enterprise system. The survey showed 51% of respondents said they use USB sticks to store sensitive data, 57% believe others within their organization routinely do it and 87% said their company has policies against it.

Flash drives can be a security mess. Organizations need to have business security policies in place requiring secure flash drives and never plugging a found stray cat into the network either.

Ensure all data stored on a secure flash drive is encrypted. TrueCrypt is a software system for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password/keyfile(s) or correct encryption keys.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News.