Every day there seems to be a new data leak from the world’s largest companies.
The recent Equifax breach led to the data theft of 143 million people. While small business leaks don’t create the same kinds of headlines as Equifax, they are being targeted by hackers in droves.
Small business owners are easy targets because most of them do not take the basic security precautions that would protect their business from cyberattacks. As business owners lock the doors at night and install security cameras, they should also incorporate basic online security precautions as part of modern best business practices. It can be inexpensive, fast, and help your business get ahead, since many small businesses (and likely several of your competitors) do not.
Here are eight easy steps that make both you and your business more secure.
#1 - Keep Your Computer Updated
This is the number one most recommended step by security experts. It’s also the easiest step to take. Always make sure to download the latest updates for Windows or MacOS. Microsoft and Apple have teams working hard everyday to patch security holes. All you have to do is install the updates!
To do this, just enable automatic updates. They usually install at night so they don’t bother you during the day. If you have an older version of Windows, do your business a favor and go buy Windows 10. Most older versions of Windows are no longer receiving security updates.
Cost - $199 for Windows 10 Pro or $19.99 for MacOS
#2 - Don’t Send Passwords Through Email
Obvious enough? Unfortunately, emailing passwords is a common bad habit because it’s just so easy. The security rule-of-thumb for email is to assume it’s all public. This means you should never send any kind of sensitive information over email, especially passwords.
Instead, ask the recipient for their cell-phone number and send them a text message instead. Many messaging apps, such as WhatsApp, have end-to-end encryption to protect chats.
Cost - free
#3 - Use a Password Manager
Most people have way too many passwords to remember, and small business owners have even more. To make things even more challenging, many websites now ask you to change your password every 30 to 90 days. These passwords are increasingly required to become longer and longer with more special characters. Sometimes it’s just easier to start cutting corners by using variations of the same password over and over again. So how can you maintain strong passwords without cutting corners?
The easy answer is to stop trying. Instead, use a password manager that stores all of your passwords and generates long, complex passwords when they expire. Use a free password manager like KeePass, or an online password vault such as LastPass. They help you build better password habits.
When you do need to remember a password, like the one for your password manager, try using a sentence instead of random characters.
Cost - free
#4 - Update Your Wireless Internet Router
Remember that wireless internet router gathering dust in your utility closet? When was the last time you downloaded a security patch for it? Or replaced the password from from the default “admin/admin”?
Routers have security vulnerabilities just like any other device, but most people never bother updating them. That means that someone could be surfing your network without needing your WiFi password, or simply viewing your Internet traffic, seeing things like the login to your online banking.
Take the time to login to your router and download the latest patches. Using the same router as you did 10 years ago? Maybe it’s time for a new one.
Cost - free, or $99 for most routers
#5 - Use Anti-Virus Software
Antivirus and anti-malware software has been around as long as the internet. This software actively monitors your computer for malicious files. It also helps protect you from ransomware, which is when a virus is installed on your computer, then holds your files ransom until you pay the fraudsters to release them.
Don’t assume that your Mac or smartphone can’t get viruses either - they are often just as susceptible to malware as Windows. Most antivirus programs come with a complimentary app for your phone as well.
What to take it a step further? Install a personal firewall such as ESET’s Internet Security, which warns you every time a new program tries to communicate out to the internet.
Cost - $30-100/year for a subscription
#6 - Encrypt Your Hard Drives
Having a password on your computer does not mean that your files are protected; your files are actually quite easy to access even without your password. Imagine someone breaking into your business and stealing your computer, or your laptop getting stolen at the airport. Imagine the thief now having all of your files. Not a great feeling right? But what if all those files were encrypted? The monetary loss of your laptop would be unfortunate but your data would be secure.
Encrypting your hard-drive is actually quite easy. For Windows, you need to upgrade to Window Pro. You then right-click on any drive and select “Encrypt with BitLocker”. For Mac computers, the feature is called FileVault and is available to all MacOS users.
Cost - Included in MacOS, $199 for Windows Pro
#7 - Secure Your Wi-Fi
Before WiFi, a fraudster had to break into your business and plug a computer into your network to access it. Now, they can just sit outside your building and connect by using your WiFi.
While disabling your WiFi is the best way to secure it, it’s not a popular recommendation. But there are ways to make things more secure. First, make sure to use a strong password and use the strongest cipher-type when making a selection.
Most routers will also let you create a separate Guest WiFi, so that you keep your patron and business networks separate.
Cost - free
#8 - Use Two-Factor Authentication
Having a password is not enough; it’s too common to have them stolen, and most people have the bad habit of using the same password for everything.
Two-factor authentication helps by adding another level of security on top of your password. Two-factor is about having two items to authenticate yourself: (1) something you know, such as your password, and (2) something you have, such as your phone or a key-token. This way if someone gets your password, they can’t login because they don’t have the second item.
More and more service providers, including Gmail, are starting to offer two-factor authentication. It can be as easy as getting an SMS text message sent to your cell phone that gives you a temporary PIN code when logging in.
Cost - free
Putting a few hundred dollars into these basic online security practices will let you sleep better at night. While these eight steps will not transform your business into Fort Knox, they will go a long way into making your business more secure. Remember that fraudsters love to go after easy targets so any step you take to increase your cyber-security makes their work harder. It may even prompt them to move on to an easier target - much like a deadbolt and a security camera.