From Equifax to CareFirst, data breaches have already found their way into the news in 2018. The most frightening thing about this for small business owners is that every new hack increases the chances that your data will find its way into the hands of someone who can use it to do some damage. At the same time, you may have limited resources to invest in protecting yourself from being targeted.
The good news is there are several inexpensive cybersecurity measures you can take to ensure your small business is prepared.
Here are 6 to help get you started.
1. Change Your Passwords
The simplest thing you can do to up your security and rest easy at night knowing your data is safe is to change your passwords. If you haven’t already, you should run your key emails and usernames through Troy Hunt’s HaveIBeenPwned tool, which checks your information against personal account data that has been illegally accessed and then released into the public domain. As Troy puts it, “Data breaches are rampant and many people don’t appreciate the scale or frequency with which they occur.” It’s important to keep in mind that this covers only publicly released information, so it’s entirely possible (and in fact quite likely) that there are other breaches we haven’t yet heard about.
At the same time, it’s best to avoid changing login information so frequently that your users suffer password fatigue and settle for variations on the same theme. In 2016, the FTC’s Chief Technologist Lorrie Cranor made headlines for promoting research by UNC-Chapel Hill showing this to be the case. “The UNC researchers said if people have to change their passwords every 90 days, they tend to use a pattern and they do what we call a transformation,” Cranor said, “They take their old passwords, they change it in some small way, and they come up with a new password.” Passwords produced by these incremental changes are far easier to guess than a completely new password would be.
2. Use a Password Manager
If you really want to get serious about passwords, you’ll want to use a password manager tool like LastPass, Dashlane, or Sticky Password to keep track of everything for you. These tools help you use unique, secure passwords for every site you need while also keeping track of all of them for you. That way, you get the security benefits of changing your password, without having to worry about making things hard on your employees. Even better, if you need someone on your team to log into any of your accounts you can share password sets so they can update your website, post to your social media accounts, and much more.
3. Delete Any Unused Accounts
An easy way for an attacker to gain access to your network is to use old credentials that have fallen by the wayside. If you’ve gone through multiple employees or transitioned to a different system, you can end up with several old accounts if you don’t have a good offboarding plan in place. When you’re looking at ways to up your security on a budget, doing some housekeeping on your old accounts is a great place to start.
4. Enable Two-Factor Authentication
If you haven’t already, you need to think about enabling two-factor authentication to add some extra security to your logins. Generally, it’s as simple as registering a phone number or installing an app, but it adds that extra layer of security that makes it harder for an attacker to get into your accounts.
5. Keep Your Software Up to Date
Software updates always seem to pop up at the most inconvenient time, and so it becomes easy to dismiss them and save them for a later date. The thing is, the reason that you’re being bugged to update your software is because it’s, well, bugged. The Equifax breach, one of the biggest data breaches in recent memory, happened because of an unpatched software vulnerability.
As with passwords, the thing to understand here is that once these vulnerabilities become public, hackers go looking for people running that specific software who could be vulnerable. If you’ve been meaning to get around to installing an update, take the time to do it. Even if it pops up at an inconvenient time, it’ll almost certainly cost you less time to install an update than it will to deal with an actual data breach.
6. Training to Identify Phishing and Spear Phishing Attacks
One of the most popular and effective ways for hackers to attack a particular target is through phishing and spear phishing attacks. Phishing attacks are more generalized, but spear phishing is personalized to each target and can often be extremely convincing. The only way to be sure that your organization will be safe is through training. Your employees need to understand everything that is possible in a spear phishing attack, and what details they can be on the lookout for in order to be ready if you are targeted.
What You Can Do Right Now
Cybersecurity is vital to any small business, even when there isn’t necessarily the budget there to support a big IT initiative. Luckily, there are many steps you can take to improve your resilience that won’t break the bank.
Here’s what you can do right now:
- Check on your login credentials, and change your passwords accordingly.
- Update your software as soon as possible.
- Train your staff to identify threats.
- Take advantage of security tools like password managers and two-factor authentication to increase your security.