Regina is a rock of her community. She has run a bakery/cafe in Memphis for 20 years, which now hosts some kind of event, group, or local music almost every night. When she gets involved in a community cause, she often offers to host at the cafe. She works hard to welcome everyone, and her customers are loyal. Regina is proud of the difference she has made in the community and the reputation she’s built.
Most days see Regina in the cafe; she also relies on 15 part-time employees and 1 full-time baker. Her cousin helps to balance the books once a month. Most of her sales come from cash, and the rest from cards. She has an older Verifone point of sale machine attached to the register. A typical week nets about $11,000, costs around $7,500, and both a bit higher in the summer.
While her community involvement has always been good for business, Regina has never really done traditional marketing. Several years ago, her daughter persuaded her to set up a Facebook, Instagram, and Twitter account. She uses her phone to post specials, event information, and her community organizing on Twitter, pictures of food to Instagram, and both to Facebook. A fair number of her clients follow the pages and like her posts. She thinks it might be helping business, especially with young people.
Every day she spends several hours working on an older computer in her home office: doing email, managing inventory, checking on social media, ordering supplies, and doing the books. She pays most of her bills by check, and a local company does her payroll and taxes. She does all her banking in person at a local credit union, and uses a yahoo account for her email.
Because Regina doesn’t use internet services to manage her money, she avoids many sources of fraud. The biggest remaining threat is for someone to copy her bank account number off a check, and drain her bank account via ACH.
Regina has only one real secret, and losing it doesn’t pose much threat to her business: credit card numbers. The last time she renewed her contract with her credit card processor, someone told her a long list of rules to follow when using it to keep the credit card numbers secret. If she didn’t follow them all and someone stole credit cards from her, they might terminate her contract. She already did some training with her staff to not write down card numbers and how to use the machine, and feels pretty comfortable that nothing terrible will happen.
Regina values her reputation, and knows that many of her customers come because of a personal respect and allegiance to her. She also uses online services to engage and advertise her causes and business. If someone broke in and posted harmful messages, it could damage both her causes and her revenue. Because of the importance of her reputation and the ease through which it could be damaged, this is Regina’s top security threat.
Because reputation is so important to her and because she uses social media to manage her reputation these days, Regina decided to strengthen her social media logins by requiring a second factor (MFA). This will make it much harder for anyone else to break in without changing the way she works.
Because it works with Facebook, Instagram, and Twitter, she chose the Lastpass Authenticator. She installed it on her phone and changed the settings in each of her social media accounts to require a secret number from that app whenever she used one of them on a new device. Then, she had to provide the secret when she next logged in on her phone and computer, and told them to trust the device. The whole process took her 40 minutes and doesn't require her to do anything extra when she uses those devices.
She also changed her passwords on those accounts, and started using Lastpass Password Manager to store those passwords. Now, the only way anyone could get into those accounts is by using either her phone or computer. She feels safe that her social media accounts are completely in her control.
Ideas for Later
A new computer
Regina is also considering replacing her computer with a newer one. Her computer runs Windows XP and works just the way she likes it, but it’s old and she knows old computers aren’t as secure. If she got a virus, that virus would allow the person controlling it to get onto her social media because she told the social media sites to trust her computer, and any virus would control her computer. Regina has two options: upgrading to Windows 10, or switch to a Chromebook. Windows 10 would feel more like what she’s used to, but a Chromebook is much cheaper, more reliable, and immune to viruses.
Estimated cost: $300-$600, plus about 15 hours to readjust to the way things work.
Use a credit card
Regina may also switch from using checks to a credit card for her business expenses. As a business owner, she understands that using a credit card means that her vendors gets paid about 2% less, and knows that pain. She also knows that credit cards almost eliminate that source of fraud – the fewer checks she writes, the lower her chance of ACH fraud, and her credit card company offers that she can contest any credit card charge up to 6 months later and have it covered. Doing both is also an option: pay her high-value, trusted vendors such as payroll and her landlord with checks, and everything else with a card.
Estimated cost: annoying her vendors.