Small businesses are increasingly among the most frequent targets of cybercrime. According to the 2017 Verizon Data Breach Investigations Report, 61 percent of all security breaches hit businesses with fewer than 1,000 employees.
Why? Hackers target small businesses more often because small businesses are more likely than large businesses to put cyber security on the back burner. This security gap is often created by budget constraints and the demands of keeping up with daily business operations. There are, however, simple ways to improve your cyber security at no cost.
The single easiest method to improve the security of your business is to beef up your passwords and password storage. Not only do the passwords themselves often need improvement, but so does the way they are stored and shared with other employees and clients. I recommend using a password manager to protect yourself and your business. No, by password manager I don’t mean a person who manages all the passwords you have written down on sticky notes. I mean an application, cloud-based or on a local computer, used to create, store, and share your passwords in a secure manner. It’s more like a digital safe for your passwords with a doorperson by its side who can craft you the most elegant and secure passwords.
I don’t want to promote one password manager over another, so a simple web search for “free password manager” will likely return some reliable results. Look for one that helps generate secure passwords, has a tutorial that doesn’t scare you away, and allows you to use multi-factor authentication. Don’t worry, multi-factor authentication is just a fancy phrase meaning you require two forms of identification before being able to log in, such as a password plus a 6-digit code sent via text. In fact, adding multi-factor authentication to your other accounts is another fantastic way to improve the security of your online accounts. It prevents a hacker from getting into your account by just guessing your password. They would need access to your phone as well.
Exactly how does a password manager help protect your business from hackers? Of all hacking-related breaches, 81 percent leveraged either stolen or weak passwords, according to the 2017 Data Breach Investigations Report.
How does this happen? For one thing, people still use passwords like “qwerty” and “password” because creating and remembering strong passwords is hard. So hard that most people don’t do it.
A “fun” exercise I used to determine the strength of my password (before I started using a password manager) was looking through a list of the most commonly used passwords to see how similar my password was to those on the list. No matter how clever I thought I was, most of the time someone else was using a similar password.
Password managers make creating and storing strong passwords simple. You only need to remember one strong master password, then all your iron-clad passwords will be stored without the need to remember long strings of random characters.
Once a password manager is chosen, the first thing to do is move all current passwords to the password manager. The next step is to find which accounts have duplicate, weak, or similar passwords and change them.
Most good password managers will make this step easy by flagging which passwords need the most attention and generating secure passwords to replace the old ones.
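The kind of check a password manager runs at this step, and the common-password comparison described earlier, can be sketched in a few lines. This is an added example, not code from the article or from any particular password manager; the function names, the tiny `COMMON` list, the sample entries and the 0.8 similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed stand-in; a real audit would load a full common-password list.
COMMON = {"password", "qwerty", "123456", "letmein", "welcome"}
# Undo simple character swaps such as @ for a and 0 for o.
SWAPS = str.maketrans("0134578@$!", "oieastbasi")

def normalize(pw):
    """Lowercase, strip leading/trailing digits and symbols, undo swaps."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())
    return core.translate(SWAPS)

def alike(a, b, threshold):
    """True when two non-empty strings are at least `threshold` similar."""
    return bool(a and b) and SequenceMatcher(None, a, b).ratio() >= threshold

def audit(entries, threshold=0.8):
    """Flag reused, common-looking and near-duplicate passwords."""
    by_pw = {}
    for account, pw in entries:
        by_pw.setdefault(pw, []).append(account)
    reused = sorted(sorted(accts) for accts in by_pw.values() if len(accts) > 1)
    common = sorted(
        account for account, pw in entries
        if any(alike(form, c, threshold)
               for form in (pw.lower(), normalize(pw)) for c in COMMON))
    similar = [
        (a1, a2) for (a1, p1), (a2, p2) in combinations(entries, 2)
        if p1 != p2 and alike(normalize(p1), normalize(p2), threshold)]
    return {"reused": reused, "common": common, "similar": similar}

# Constructed sample entries (account, password); not real credentials.
SAMPLE = [
    ("email", "Sunshine2017!"),
    ("bank", "Sunshine2018!"),
    ("payroll", "P@ssw0rd1"),
    ("crm", "P@ssw0rd1"),
    ("wifi", "Yellow-Cows-Eat-Red-Cabbage"),
    ("vendor", "qwerty123"),
]

if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE).items():
        print(finding, accounts)
```

Note that "Sunshine2017!" and "Sunshine2018!" are flagged as similar even though they are different strings: changing a trailing year or symbol does not make a new password.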
When creating passwords without the password manager, however, make sure to follow one core rule recommended by the United States National Institute of Standards and Technology (NIST): use a combination of words which is easily pictured in your head but is not a commonly used phrase.
For example, “Yellow-Cows-Eat-Red-Cabbage” would be a decent password. The password “goPokes”, however, would not be an appropriate choice because it’s a phrase commonly used around Wyoming. And while it is better to have a long password with symbols, numbers and impenetrable nonsense, NIST regulations state that it’s better to have a long password that you can easily remember over an impenetrable one that you have to write down somewhere.
Using a password manager to store and create passwords is by no means the only thing your small business should be doing to protect itself from hackers and other cyber security threats, but it is a great start. This simple act of upgrading and protecting your passwords will prevent your business from becoming one of the 81 percent of businesses hurt by weak or stolen passwords. If you want to learn more about how to improve your cyber security, www.fcc.gov has some terrific resources for learning how to protect your business in the age of the Internet.
Matt Cook is a software developer and the data protection officer for Language I/O, a software company headquartered in Cheyenne, WY. Language I/O enables multilingual customer support inside major Client Relationship Management (CRM) platforms such as Salesforce and Oracle. While Language I/O is a small company, their product attracts large companies with a global client base such as LinkedIn, iRobot, ConstantContact and many other well-known brands. Because of this, data security is always their top priority and they frequently undergo security audits by standards bodies, clients and the CRM platforms where their software is embedded.