Guest Post: Ten Methods to Strengthen Your Small Business' Cyber Security
⌛ By Jared Staten ⌛
At one point or another in our lives, all of us have been “hacked” or impersonated online. Whether it was a simple password to an account you didn’t care about or something as serious as identity theft, cyber security has been on the rise as a major concern over the past decade.
Though some companies rely completely on their IT departments to ensure cyber security, not everyone has the funds or the understanding to do the same. This can create a concern for you and your growing business. It’s time for you to pour some more coffee and learn a little bit about what you need to do to protect yourself the best you can.
Why do I need to learn? Shouldn’t I just have the local high school kid help me out?
Simply put, the world is technologically reliant, and the day-to-day tasks of using technology should be partnered with knowing what dangers are out there and how to avoid them. Small business owners do not have the luxury of other people doing highly specific tasks that they went to school for. All you have is yourself. You’re a one-stop shop. If you’re going to learn about invoicing, types of tax-exempt organizations, contracts, and ethics, you should learn a little about cyber security. Yes, having the local high school student help you out is a good start, but what happens when they stop being helpful? You’re in the same spot. Learn it for yourself so it’s easier to manage and can be dealt with immediately if the need arises.
Okay, mysterious internet person. Since you’re on the internet you’re completely right. What now?
Computer Security Day is November 30, 2018. Here is a small list, in no order of importance, compiled to help you understand what you can do to tighten your online security along with your local area network (LAN):
Educate Yourself (and others if you have staff): If you’ve made it this far, you’re already achieving the first thing on this list. Most of the cyber security incidents that happen are due to neglect or people who are uneducated in cyber security. Making yourself aware of the dangers will reduce your risk and make you far less of a target. You can also look for free webinars or training online.
Passwords: Saving your passwords in the browser of your choice might be great for convenience, but it makes your password-remembering skill atrophy. This is rather important because in today’s world most of your business tools will be accessible online, though you might not always have your computer handy. Your passwords should be complex and different from one another; the service you use will always tell you which characters you can and can’t use. If you have problems remembering them all, there are password managers like LastPass, LogMeOnce, and KeePass out there to help those who have a lot to keep up with.
Dual Factor Authentication: This is a good industry practice to use with any service that offers it. Dual factor authentication is a secondary safeguard that makes your accounts harder to access and more secure. It works either through an application that shows a code that cycles about every 60 seconds or through text messages that deliver your authentication code. This code is typically needed after you enter your password. If neither of these is accessible, services also have codes you can print out and keep with you as emergency back-up codes in case you lose your other means. The service will let you know if you need to download an app or sign up for text alerts.
Unrecognized or Unknown Media: USB drives are a dime a dozen these days, and on several occasions I personally have found one lying on the ground. Curiosity gets the best of us, and we decide to see what’s on there. These seemingly harmless USB drives could be on the ground for a reason. They could be used to deliver payloads that install Trojans or backdoors onto your system. A USB Rubber Ducky and other similar tools have gained a lot of popularity amongst hackers and security enthusiasts, as most people ignore USB drives and think they’re safe. USB drives aren’t the only ones you have to look out for. CDs, phones, and even tablets can have these payloads on them as well. Trust only the ones you know.
Social Engineering: Social engineering is a tactic that has been in use for decades. The idea is to manipulate you into answering questions that you wouldn’t normally answer. Some of it might be as blatant as asking for your birthdate, your address, or your mother’s maiden name; other attempts might be slightly less obvious. Here is a perfect example of how it works. Get familiar with the services you use and the way they request information from you. This will be disclosed in some form either in their agreement with you or on their website.
Phishing: Phishing is another tactic that has been used for a while. It goes hand in hand with social engineering and uses the same approach. In email form, these can be quite hard to spot. They can look exactly like an authentic email sent from a service that you are using; however, these emails typically have a telltale sign such as poor grammar and spelling, asking for money, misleading or wrong URLs, or asking for personal information.
Lock Down Your Devices: Hackers aren’t the only type of people you need to protect yourself against. Thieves can become an issue as well. Encrypting your devices and putting complex passwords on them will help in the event of a theft. Mobile devices can also be tracked by services such as Find My iPhone or Android Device Manager, which will locate the device via GPS. A great perk of these services is the option of erasing the mobile device remotely to keep all your data from being compromised.
Use an Anti-Virus: On occasion you will accidentally click something you weren’t supposed to or open a file you shouldn’t have. These things will happen. The price tag of anti-virus software isn’t as steep as it has been in the past, and buying a subscription to use one is a smart move. Most even offer to cover more than one device when you buy, including mobile devices. Some of the better ones include Webroot, Bitdefender, and Kaspersky.
Back Up Your Data: In the event of a theft, ransomware, or a virus that ruins your hard drive, you might be left hanging without any of your data. Utilizing back-ups is quite important. Cloud back-ups store all your information in the cloud, where redundancy is paramount. This also gives you the ability to access it from anywhere you have an Internet connection. The downsides to this are file size and number of files. Depending on what you back up, it can be costly as well as extremely time-consuming, depending on your connection speed to the Internet. If you’re worried about housing your data online, invest in external hard drives and USB drives.
Use a Virtual Private Network (VPN): Using a VPN is good practice in general, and they’re free or cost little. What a VPN does is create a secure tunnel from you to a remote network, which then routes your traffic out to the Internet. This secure tunnel will encrypt your traffic, making it more secure in transit. This will also change your online location, making it seem you’re connecting from the city where the VPN is located. VPN vendors include NordVPN, Private Internet Access VPN, IPVanish VPN, and CyberGhost VPN.
Cyber security cannot be emphasized enough in the ever-growing world of online business. Though this list is small and comprehensive, there is still lots of other information out there: zero-day exploits, wardriving, man-in-the-middle attacks, and the like. I encourage you to learn as much as your brain or attention span will let you. The more you know, the better prepared you will be.