Maggi, June 16, 2014
This is the first post in our series about data security for small businesses. To find out more about the series and see a list of posts, go to A Terrifying Statistic for Small Businesses.
When you think about serious threats to information security for your small business, your first thought might be cybercriminals—the people who are out there trying to steal your customers’ financial information, or hack into your databases to find a back door into a larger supplier.
But you might be surprised that the greatest threat to your small business’s data is something a lot simpler. In fact, it’s something so simple that you probably don’t even think about it: your passwords.
You may have chuckled to yourself when you read that last paragraph, but bad password practices are no joke. You’d be amazed at how much easier it is to cause serious damage to a business if it isn’t using good password practices and tools.
Let’s say you know enough about passwords to vary them on occasion. Maybe the password for your bank account is ‘Charlie37’, your e-mail is protected by ‘(chucK)’, the password for your customer relations management software is ‘8Charlie!’, and your mobile phone account is ‘Ch4rles’. You might think this is enough to keep you safe, but it’s far from it.
Cybercriminals are getting increasingly sophisticated in the methods that they use to get access to your data, and using passwords that are even remotely similar can put you at a significant disadvantage. With password-guessing apps that can guess thousands of different passwords every minute, having even a vague idea of the password you might be using can be the difference between safety and going out of business.
And a lot of people don’t even use this much variety—they have a single password that they use on nearly all of their devices, accounts, and websites. If this happens, and someone gets hold of your password, your entire online life could be taken over.
That means customer information, payment details, e-mails, tax records, backend website access, social media, and everything else that you use on a regular basis could be totally locked down, leaving everything at the mercy of someone who wants to take as much of your money as possible.
Is that something you want to risk?
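To make the point about “varied” passwords concrete, here is a small audit script (an added example, not from the original post) that takes a list of accounts and their passwords, strips the digit and symbol dressing, undoes common letter-for-number substitutions, and flags any two accounts whose passwords are identical or share the same word stem. The account names and the substitution table are my own assumptions; the sample passwords are the four from the paragraph above.

```python
import re
from itertools import combinations

# Substitutions people commonly use to "vary" a password while keeping the word.
LEET = str.maketrans({"4": "a", "3": "e", "1": "i", "0": "o",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def normalize(pw: str) -> str:
    """Reduce a password to its alphabetic core: undo leet substitutions,
    lowercase, and drop digits and punctuation."""
    return re.sub(r"[^a-z]", "", pw.translate(LEET).lower())

def longest_common_substring(a: str, b: str) -> str:
    """Dynamic-programming longest common substring of two strings."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def audit(accounts: dict[str, str], min_stem: int = 4) -> list[tuple[str, str, str]]:
    """Return (account1, account2, finding) for every pair of accounts whose
    passwords are identical or share a word stem of at least min_stem letters."""
    findings = []
    for (name_a, pw_a), (name_b, pw_b) in combinations(accounts.items(), 2):
        if pw_a == pw_b:
            findings.append((name_a, name_b, "reused"))
            continue
        stem = longest_common_substring(normalize(pw_a), normalize(pw_b))
        if len(stem) >= min_stem:
            findings.append((name_a, name_b, f"similar:{stem}"))
    return findings

# Constructed sample: the four "varied" passwords from the post, account names assumed.
SAMPLE = {"bank": "Charlie37", "email": "(chucK)",
          "crm": "8Charlie!", "mobile": "Ch4rles"}

if __name__ == "__main__":
    for a, b, what in audit(SAMPLE):
        print(f"{a} / {b}: {what}")
```

Three of the six account pairs are flagged, which is exactly the weakness the paragraph describes: a guess at one password narrows the search for the others.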
So, if you shouldn’t use easy-to-remember passwords and a lot of duplication, what should you do? It’s really hard to remember a lot of random digits for dozens of different websites, but are there any other options?
Fortunately, there are a number of things you can do. First, you should come up with a strategy for choosing your passwords. One of my personal favourites is to choose a phrase and use that to create your password.
For example, you could have “I have three teenage children at home” as a phrase, and create a password like “iH3TageC@h.” While that appears to be a completely random assortment of lower-case and capital letters, numbers, and symbols, it’ll be a lot easier to remember if you have a phrase to go with it.
Here’s a great article on 7 ways to make up secure, memorable passwords.
Not sure that you can remember more than a few of those? Not to worry! There are a number of great password-management apps that will keep all of your passwords locked behind a single master password and allow you to use them whenever you need to.
I use LastPass, which will automatically fill in passwords on any website that I go to as long as I’ve used my master password to sign into the service. That way, you can just choose a single, long, complicated password to lock the app and not worry about the others. 1Password and KeePass are also popular options for this type of app.
The fact that you can use these apps on your mobile makes them even more useful, as you’ll be able to access all of your sensitive information on the go. Most of these apps are free, and you can get additional features by paying for a premium subscription (which is what I do with LastPass).
I hope you can see how important it is to choose strong passwords! It’s a good idea to start choosing strong passwords when you open new accounts, but you should also take steps to protect data and accounts that you already have. These three steps will help.
1. Change your passwords. Right now.
I don’t want to sound alarmist, but if you haven’t changed your passwords in a while, or you have a lot of duplication, it’s imperative that you change them as soon as possible. Even if you haven’t seen any evidence of infiltration, you never know when your passwords might be exposed.
Go through as many of your websites and apps as you can think of, and change the passwords on them. Make sure to use good, strong passwords, and don’t duplicate ones that you’ve used already. (Using a password-management app for this is extremely helpful.)
If you use the same passwords for your business and personal accounts, change them all.
2. Add passwords to any devices that don’t use them.
If your laptop, desktop, or mobile phone can be accessed without a password, change that as soon as you can. Make sure your devices automatically lock after a certain amount of time (I recommend a minute for your mobile and tablet, and five to ten minutes for your computer), and that there’s no way to access them without entering a correct password.
Again, make sure that you’ve chosen a strong password for these. If someone runs off with your mobile, you don’t want them to be able to enter your last name and have access to everything. The same goes with your laptop—it’s easy for someone to nick it while you’re out of your office or your van, and letting them into all of your files with a five-character password won’t help you much.
3. Doubly protect any sensitive files.
If you store your customers’ payment information or contact details on your hard drive, it’s a good idea to add an additional layer of protection to those files, just in case someone is able to infiltrate your computer.
If you’re not sure how to go about doing this, check out this article from Digital Trends on how to password protect a folder.
There’s a lot that you can do to make sure your company’s data is secure, but using strong passwords is the easiest and one of the most effective. Using just a couple of weak passwords for all of your accounts is a great way to invite hackers in and give them complete control over your online presence!
Choosing strong passwords for your new accounts is great, but don’t neglect protecting the data that you already have. And not just your online stuff, either—cybercriminals know that nicking your laptop or your mobile is likely to give them unfettered access to all of your most important things.
Don’t give them the chance! Use good practices and tools to choose strong passwords and keep track of them.
And don’t forget to check back for the next entry in our series about keeping your data safe while it’s stored in the cloud!