6 basic things small businesses can do for online security.

Apr 11 2018 | PayPal editorial staff

Managing your personal and financial identity online is extremely important. 
While attempts to hijack or overcome technology in order to defraud people and businesses are evolving quickly, there are still certain steps you can take to help protect your online security and your business.  

1. Don’t send sensitive personal or financial information via email.
This includes account numbers, credit card numbers, Social Security numbers, passwords and logins, and more. If you need to provide the information, do it over the phone.

2. Enable automatic updates for your applications and software to prevent malware.
Popular applications and operating system software are complex and often have minor bugs - making them targets for hackers. Some examples include:
  • Web browsers like Internet Explorer, Chrome, Firefox and Safari
  • Microsoft Office
  • Adobe Reader
  • Adobe Flash Player
Hackers often find and exploit bugs to install malicious software, also known as malware. Fortunately, most device makers and application developers provide regular updates to operating systems and applications.

Even so, the catch is: when security updates are published, the software company and developers usually indicate the issues they’ve addressed. Hackers, who were previously unaware of the software issue, may now choose to focus on the software or application to exploit other vulnerabilities.
It’s always a good idea to keep your system up-to-date with the latest releases. The easiest way to do that is to enable automatic updates for your system and applications when possible. Normally this is managed through the Control Panel on Windows and under Preferences on MacOS.

3. Don’t forget about OS updates, using anti-virus software, and enabling auto updates for both.
Just like a human virus, software viruses and other malware can spread in many ways, and it won’t always be clear how it got onto your system. Along with exercising caution, we recommend using an anti-virus software, which can help protect you by detecting and addressing known malware on your system.
If enabled, most anti-virus software are capable of running scheduled scans and checking incoming emails for malware to help prevent them from being downloaded into your system. Historically, malware has been associated with personal computer systems, but are now common on portable electronic devices such as tablets and smartphones. Also consider anti-virus protection for your tablet and smartphone.
Tip: Automatic OS updates are managed through the Control Panel on Windows and under Preferences on MacOS.

4. Don’t click on suspicious links.
Especially beware of things that seem too good to be true including:
  • Free downloads. Malware are often embedded within other software programs and some malware masquerades as a game or screen saver, just waiting for you to install it. Watch out for these “freebies.” 
  • Unexplained “virus detected” messages. Another common strategy is the fake virus test. You get a message saying there’s a problem and it prompts you to download software to ‘fix it’, but the software could contain malware.
  • Email attachments. If you receive an unexpected email from someone with an attachment, be suspicious. If the email has only a short, non-personal message like “This is funny!” with an attachment, be even more suspicious. Check the sender’s email address if you’re in doubt. If you’re still skeptical, but think you need to see the attachment, call the sender and ask. You may find that the sender’s email account was hacked and is now being used to send out malicious SPAM. 
5. Create unique, secure passwords.
This includes:
  • Using a combination of special characters, letters, and numbers and;
  • Using unique passwords for multiple accounts
For more information, read this article on how to create and manage passwords for security.

6. Check all partner company’s security measures.
If you’re sharing personal or financial information with a company, you should always understand the security measures they take to protect your data. For example, PayPal uses industry standard data encryption to help keep your sensitive information and email communications secure. Learn what else PayPal does to protect the personal and financial information of our more than 200 million account holders.
You can also access additional information about protecting your online security by reviewing our FAQs at the bottom of this page.


The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

Was this content helpful?

Frequently asked questions.

You can enable a new mobile PayPal Security Key online by following these steps:
  1. Click the Settings icon next to "Log out."
  2. Click Update beside “Security key."
  3. Click Get security key and follow the steps.

The PayPal Security Key gives you a second authentication factor when you're logging in to your account. In addition to your password, you enter a One Time Pin (OTP) that’s unique for each login. These two factors provide stronger account security.
  • The PayPal Security Key sends you a temporary security code via SMS that you enter in addition to your password to log in to PayPal.
  • There is no fee to use the PayPal Security Key, however your standard text messaging rates apply when you receive a security code by SMS. Check with your mobile provider for details.
You can enable a new mobile PayPal Security Key online by following these steps:
  1. Click Settings.
  2. Click Update beside “Security key.”
  3. Click Get security key under "Order or activate a security key" and follow the steps.
You can change the status of your PayPal Security Key online by following these steps:
  1. Click the Settings icon next to "Log out."
  2. Click Update next to "Security key."
  3. In the table, choose the security key whose status you’d like to edit, and click either Activate or Deactivate.
Withdrawals can take up to 72 hrs to complete through the PayPal system. Generally they will complete within 1 business day and it will be within 30 minutes if you choose one of the instant withdrawal channels, however we will occasionally hold a withdrawal for further review. To provide one of the safest online payment services, our internal security system reviews every transaction before it's released.

This type of review can happen for various reasons. For example, you may have received a higher-than-usual amount of money into your account, you may be logging in from an unsecure network or you may have made changes to your account Settings recently.

Once our review has finished, your withdrawal will show as ‘completed’ and will be processed to your card or bank account as long as the review did not turn up any issues. Withdrawals to bank accounts can take 3 to 5 working days.