If your company conducts business online, stores sensitive information on the organization’s computers or even does something as innocuous as sending emails, you’re in danger of being compromised by criminals. These cyber-attacks are being carried out on small businesses at an alarming rate and cause all kinds of damage including but not limited to loss of data, loss of income and, arguably worse than either one of those, loss of your customers’ trust.
But don’t fear because this week we’re taking a look at a few ways that you can shore up your team’s security and avoid all of these headaches.
Show of hands, how many of you use ‘password’ as your password? Good password housekeeping is one of the most easily controllable variables in the cyber-security equation. “I’ve got too many of them to remember.” “Things are still broken from the last time I changed it.” As an IT guy in my former life, I’ve heard all of the excuses imaginable, but I’m here to tell you that protecting yourself and your business is worth all of the short-term “inconvenience” that you may experience.
- Make sure to change your password often. Lots of larger organizations have policies in place from the IT departments that force a password reset after a predetermined amount of time. Don’t try to circumvent the system by buddying up to your local tech. They know what you’re doing. They don’t like it.
- Make the new password complex. Resist the urge to just tack on an extra digit to your existing password and come up with something that will be hard to guess. Don’t be afraid of the shift+number keys, they’re your friends. A good rule of thumb for password creation is to use 12-14 characters that include some numbers, symbols and upper/lower case peppered in there for good measure.
- Don’t leave them written down on your desk. I can’t tell you how many times I’ve seen this, sometimes with the words “computer password” written in bold block letters at the top of the sheet of paper. You should treat your PC like your ATM card. Protect it.
2. Train Your Employees
The old wise adage of “Knowledge is Power” definitely applies to your company’s digital well-being. According to the Society for Human Resource Management, training your employees on the risks of cyber-attacks can cut your risk of exploitation by 20%, making it a good idea to create a policy and train it out on a yearly or bi-yearly basis. Some of the more popular areas to cover with your team:
- Don’t open suspicious emails. Most people know that it’s never a good idea to click a link from an unknown source but cyber-criminals have gotten more sophisticated over the years, now easily able to spoof familiar email addresses and make it look like Aunt Deb has sent you a link to a fun video. What could it be? Is it two puppies clumsily wrestling in a mud puddle? No. It’s identity theft and it will make a much bigger mess. Incorrect grammar, misspellings and a tone that just seems kind of “off” in general are all pretty good indications that something may be rotten in Outlook. It doesn’t hurt to reach out to the sender (in a new email or, gasp, over the phone) and confirm that they sent the suspicious message.
- Don’t install any software without your IT department. I know, I know, you can handle doing a simple Flash update, right? Well, there’s a pretty good chance that the pop-up advising you to update your Flash Player is a fat load of nonsense and clicking that install button is equivalent to just mailing the criminal your wallet and laptop in a gift-wrapped box. Fun story, I once had a user fall for this common scam and it unleashed a vicious little virus that corrupted all of the files on his computer, effectively transforming his laptop into a very expensive five-pound paperweight. All that he did was “install the Flash update” but it turned out to be a costly lesson that he learned in cyber-security…and again two more times after that. Just give the IT department a heads up on the updates and save some time and money.
3. Keep Your Software Updated, aka let the IT department keep your software updated.
You know that little annoying icon that your antivirus keeps popping up in your face every 45 seconds? The one that says something like “Your virus definitions are out of date. You are unprotected.” Yeah, those are bad. You’ll want to fix those. The great thing about modern operating systems and antivirus software is that those companies are constantly working to patch holes and keep you safe from the prying eyes and sticky fingers of the cyber-criminal. Just help them help you by keeping your machine up to date!
This isn’t meant to be a comprehensive list to keep you safe. In fact, the bad guys are always out there, working harder and harder each day to gain access to your sensitive information, but staying vigilant against possible threats and keeping your employees educated in the dangers that lurk in the shadows are a great start to keep your organization safe.