Security is a critical aspect of running any business. This applies to the physical security of your office and your team, which creates a safe work environment. It also applies to digital security, and the protection of the technologies we utilize in our day-to-day jobs.
Digital security breaches are becoming increasingly common, and increasingly large. Earlier this year, more than 2.2 billion hacked account credentials were published. This data — which included many previously compromised email addresses and passwords — was dumped on the internet for anyone to find.
What are the implications for your business?
5 Basic Security Tips for Businesses
Because people often reuse passwords across platforms, attackers will try those stolen emails and passwords on other platforms to break into other accounts. If you or your employees are compromised, your business accounts may also be at risk.
While it can sound like a helpless situation, there really are a few things you can do (short of hiring a security expert). As a business owner, there are many steps you can take to keep yourself protected. Here are five to get you started.
Enforce Two-Factor Authentication (2FA)
Enforce 2FA on all your accounts related to your business as a company policy, especially those for banking and other sensitive transactions. This significantly increases the level of difficulty for attackers looking to compromise an account, even if they have somehow stolen the password to the account.
Enable the protections afforded by the sites and tools your business uses. Many platforms and applications can provide a token, remember devices, and prompt users to change passwords after a certain amount of time.
You can also encourage employees to use 2FA on their personal accounts that aren’t related to the business as an individual precaution.
Enforce the Use of Strong, Unique Passwords
For company and business-related logins, enforce a policy requiring employees to use strong, unique passwords. The unique part is especially important. Why? If your password is stolen and dumped, but you haven’t used that password anywhere else, you don’t have to be concerned about your other accounts being hacked.
It’s also a good idea to use a password manager. Some examples are 1Password, LastPass, and Dashlane. These applications help create unique and strong passwords that the system saves, so you don’t have to remember each one.
Based on the above, do you feel confident that the passwords you currently have in place are strong enough? If not, change them right away. It’s a great first step toward protecting your accounts.
Be Aware of Scams in Emails
Phishing and social engineering are a couple of ways that attackers can target you or your employees through email. A common ruse is a message claiming you have an undeliverable UPS or FedEx package, sent to get you to give up your information. Also, watch out for spoofed emails pretending to be from someone at your company or others you know.
Hover your cursor over hyperlinks included in emails you receive to view the actual URL. Ensure the URL is actually related to or associated with the company whose website you are trying to visit. Refrain from supplying log-in credentials or personally identifying information in response to any email.
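The hover check described above can also be automated for HTML email. The following is an added example, not part of the original article: it compares the site shown in each link's text with the link's real destination. The expected-domain list and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this business expects legitimate links to point at.
EXPECTED_DOMAINS = {"ups.com", "fedex.com"}

# Constructed sample message body (".example" hosts are placeholders).
SAMPLE_EMAIL = """
<p>Your package could not be delivered.</p>
<a href="https://ups.com.delivery-update.example/track">https://www.ups.com/track</a>
<a href="https://www.ups.com/track">Track your package</a>
<a href="https://parcel-notice.example/login">Confirm your details</a>
"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def review_links(html):
    """Return (text, href, reasons) per link; empty reasons means nothing flagged."""
    parser = LinkCollector()
    parser.feed(html)
    results = []
    for text, href in parser.links:
        host, reasons = urlsplit(href).hostname or "", []
        if not any(belongs_to(host, d) for d in EXPECTED_DOMAINS):
            reasons.append("destination is not an expected domain")
        # If the visible text itself names a site, it must match the real host.
        shown = re.search(r"(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text, re.I)
        if shown and not belongs_to(host, shown.group(1).lower()):
            reasons.append("visible text names a different site")
        results.append((text, href, reasons))
    return results

if __name__ == "__main__":
    for text, href, reasons in review_links(SAMPLE_EMAIL):
        print("FLAG" if reasons else "ok  ", href, repr(text), "; ".join(reasons))
```

The first sample link shows why the whole hostname matters: it begins with "ups.com" but actually belongs to a different domain, so both checks flag it.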
Educate Your Team
The importance of providing security awareness education for all your employees cannot be overstated. Make your team aware of all the above information, especially around phishing in emails. Scrutinizing an email before clicking any links or attachments is an important precaution everyone can take.
Update and Sunset
Security flaws in applications, systems, and devices can be exploited by hackers. Applying security patches ensures you’re keeping up with the security updates released to address discovered flaws. If this is totally outside of your comfort zone, don’t worry. There are many IT consultants and support services that you can hire for help. Having antivirus and antimalware protection in place is also an important step toward protecting your company.
End-of-life technologies typically do not get updated, and as such, use of these technologies should be discontinued. If you aren’t sure whether a certain technology is end-of-life, checking the websites for each product is a good place to start.
This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal or tax advice. If you have any legal or tax questions regarding this content or related issues, then you should consult with your professional legal or tax advisor.