A Cybersecurity guide for Entrepreneurs & Small Businesses
Think about the three websites or online services most important to your business.
Now think about how you would feel if those services weren’t available tomorrow, or for the next few days. That’s the scary reality for a business that gets hacked. A criminal now has access to your data, your online identity, your customer details or maybe even your customers’ data! Ransom demands, reputational damage and loss of vital business documents and files are unfortunately all-too-common occurrences.
Securing just five areas of your business online will make you more than 98% less likely to be the victim of cybercrime, lose data or have your systems hacked.
Passwords are the easiest way for criminals to gain access to your online accounts. Due to ever-increasing complexity requirements on websites, it’s often easier to use the same password across multiple websites, often with a common word that is easy to guess.
If you use the same (or similar) passwords across multiple websites, or base your password on information about you such as the names of your children, pets or spouse, you should start using a password manager. Managers such as LastPass — https://lastpass.com will allow you to have secure, unique passwords on every website.
If you are wary of online password managers, KeePass — https://keepass.info is a secure, offline password database. You will need to make sure you back this up safely and securely.
An area that is often overlooked is password reset questions. Default questions such as “What is your mother’s maiden name?” or “What is the name of your pet?” are extremely easy to answer with a small amount of research on social media. Make sure your password reset answers are based on information that isn’t available online or to anyone who knows you: make up fake answers that are different for each site and store them in your password manager.
2. Two-Factor Authentication
Two-factor authentication (2FA) is used when you log on to an online service. After you’ve typed your password in, the website will require another form of authentication, such as a code sent to your phone via SMS. You should enable 2FA on all your online accounts.
2FA apps such as ‘Microsoft Authenticator’ and ‘Google Authenticator’ make this process even simpler by providing a simple “accept login” button on your phone when you log in to a website.
A ‘phishing’ email is an email that tricks you into giving away details such as your username or password — 91% of successful data breaches started with a phishing email.
Be aware of any email that asks you to perform an urgent action with consequences: “click here now or lose access to your account” is a good example of this.
Check the sender of the email: is the domain what you were expecting? Look for similar-sounding names such as firstname.lastname@example.org or email@Mlcrosoft.com.
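The sender check described above can also be automated. The following Python sketch is an added example, not part of the original guide: it flags sender domains that imitate a domain you trust, and the trusted list, the character-swap table and the function names are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: domains this business expects mail from (constructed sample list).
TRUSTED_DOMAINS = {"microsoft.com", "lastpass.com", "keepass.info"}

# Small illustrative subset of characters that are swapped for look-alikes.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s", "3": "e"})


def skeleton(domain):
    """Collapse look-alike characters so 'mlcrosoft' and 'microsoft' compare equal."""
    return domain.lower().replace("rn", "m").replace("vv", "w").translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return (verdict, sender_domain, trusted_domain_it_imitates_or_None)."""
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("unparseable", "", None)
    if any(domain == good or domain.endswith("." + good) for good in TRUSTED_DOMAINS):
        return ("trusted", domain, None)
    for good in sorted(TRUSTED_DOMAINS):
        # Same skeleton, or at most two typos away from a domain we trust.
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return ("lookalike", domain, good)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed sample From headers; the second address is the one quoted above.
    for header in ("billing@microsoft.com",
                   "Microsoft Support <email@Mlcrosoft.com>",
                   "firstname.lastname@example.org"):
        print(header, "->", check_sender(header))
```

A "trusted" verdict only means the domain is spelled correctly; the From line of an email can be forged, so it does not prove who sent the message.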
Ransomware is the biggest cyber threat facing businesses today; damage of around $5bn was done this year alone. Most of this damage could have been avoided if computer systems had been updated to the latest version. Always install updates on your system as soon as they are available.
Bugs found in applications and websites are often exploited to gain access without the need for a login, so installing the latest updates for your applications is a great idea. Updating your website and all plugins to the latest version is essential.
Following the steps above will make you much less likely to be hacked or lose data, but there are unfortunately no 100% guarantees. Having a good backup system you can rely on is essential.
Don’t rely on Dropbox/OneDrive for backup. These services are connected to your laptop, and so can be encrypted by ransomware too. Make sure your backups are stored offline and are not directly accessible.
· Make your passwords long, complex and unique — use a password manager
· Enable 2FA for all online services that support it
· Beware of attachments, links or any email that asks you to perform an urgent action
· Update your applications, computer (Macs too!) and your website
· Backup, backup, backup — test regularly and have it offline
More guides, information and help to stop hackers and secure your business at raw-it.co.uk
About the Author
Chris Gough spent 15 years in Technical IT Infrastructure roles working with large, enterprise customers across a variety of sectors. He founded RAW IT to help raise awareness, train and protect small businesses and entrepreneurs from hackers and cybercriminals. about.me/chrisgough