Lock It Down! Cyber Security Basics for Small Business
“Cyber security” is a buzzword that’s been floating around for the last couple of years. Buzzword or no, being hacked is a very real and present danger in an increasingly globalized and connected world. Nowhere are threats to cyber security more present than in the small business sector where more than 60 percent of all cyber attacks occur.
As if running a business weren’t enough of a challenge, what with making the rent, paying your staff (and yourself if you’re lucky), and keeping your customers happy, now you need to become a cyber security expert on top of it all.
As it turns out, the basics of cyber security are actually pretty basic. It doesn’t take long to lock down your passwords and your email account, and you don’t have to be a Genius Bar expert to do it.
Cyber security basics: You and the Internet
Everyone, small business owners included, has a lot at stake when it comes to their finances, and especially their identity. Small business owners often have their business finances linked in some way to their own, so a hack into one can often mean a criminal has access to both your business and personal finances or identity.
So, let’s go over some basics that go a long way in protecting you against most cyber threats.
Secure your browser
The temptation is to default to using whatever browser came with our computer—whether that’s Google Chrome, Firefox, Safari, or even Internet Explorer. These are all easy to use, but their main job is really to sell stuff like your data and browsing history to third-party companies, especially those that sell advertising. That leaves you vulnerable to security breaches from ads and tracking software. Even if you aren’t worried about your personal computer or your phone (though you should be!), protecting your business’s digital records makes sense.
If you are a diehard Chrome, Firefox, or Safari user and you want to stick with it but want extra security, consider using its add-ons feature. Add-ons, also known as plugins, are kind of like the apps for a smartphone but for browsers, and they let you customize your experience.
I have two favorite free security add-ons for Chrome and Firefox. The first one is HTTPS Everywhere (available for Chrome and Firefox, but not for Safari), which basically takes unsecure web addresses, those that start with http rather than https, and makes them secure by changing them to https. In case you’re curious, http stands for “hypertext transfer protocol” and defines how information is transmitted and received over the web. The s on the end means that information is being transmitted via Secure HTTP (S-HTTP) or Secure Sockets Layer (SSL) protocols, which encrypt information passed between a client (browser) and a server (web site). The second is Adblock Plus, which works on Chrome, Firefox, and Safari, and blocks most ads from appearing in your searches, blocks annoying pop-ups, and reduces the risk that you’ll click on spam.
Because I’m looking for a B&B in Dublin for my parents for their 20th anniversary, the browser can target advertisements for things it knows I’ve been searching for. Creepy.
While it’s likely still true that if you’re using a Mac, you’re less at risk of being hacked than someone using a computer running Windows, that hardly means you’re invulnerable. If you’re using Safari, there are extensions like Ghostery or Incognito, which both also have Chrome versions, that do the same job as AdBlock Plus.
Add-ons are great for customizing your browser experience and adding layers of security. But you can go a step further and use a browser specifically built with security and privacy in mind. Opera is perhaps the most popular and highly-rated of the new crop of security-conscious browsers. Another browser that keeps making the top ten lists is Epic Browser, and the best part is that it’s free.
Opera and Epic are all about keeping your data private and delivering a secure browser experience that functions similarly to the way your default browser functions with security add-ons like Ghostery, Adblock Plus, and others. Either is a great browser to use if you have multiple people accessing your business computer(s) and want to ensure that they aren’t inadvertently putting your security at risk.
Secure your passwords
Most people either have a ton of different passwords, which are a nightmare to keep track of, or they use the same password for everything, which is like having one key that opens your car, your home, your safe, your diary, and your mailbox. The risk inherent in that arrangement is hopefully obvious—lose that one key and all of those things become vulnerable.
So, if you’re not already doing this, use unique passwords for each online account you have! Is it a pain to keep track of all those passwords? It is if your current system involves a tattered notebook shoved in the back of the kitchen junk drawer. But there’s a better way.
One is an online password manager service that Townsquared CEO, Rohit Prakash, recommends, called LastPass. LastPass allows you to organize all your online passwords under one “super” password, meaning you only ever have to remember that one password. You can use their services, via a browser extension or by going to their site, to log in to any site for which you’ve saved a password. It’s free for individual use, but you can upgrade and set up accounts for each member of your staff.
Secure your email
Your email account is the front line of defense when it comes to protecting your privacy and security. That’s partly because it’s where a lot of personal details live, making it a prime target for cyber threats. Securing your email is all about awareness.
The folks over at software security company Heimdal Security have great articles on their blog for tips on increasing internet security. When it comes to making your email more secure, they have a great how-to on securing email accounts if you’re using one of the bigger email servers like Gmail, Yahoo, and Outlook. Although I recommend reading their piece for more details, we’ll keep it simple here and focus on the two biggest dangers related to your email account: password security and spam.
Setting up protections for the password to your email account is actually really simple and most email services offer what’s called 2-step verification. Two-step verification works pretty much like it sounds: when you log in to your email account, your email server will ask you to provide a second verification (in addition to your password) that you’re you. The most common, and in my opinion simplest, is SMS verification. If you were going to your Gmail, for example, after you put in your email and password, Gmail would send a text to your phone with a unique six-digit code. You’d need to enter that code into Gmail in order to proceed to your account. Here’s how to set up two-step verification for Gmail.
With threats like spam, malware, and phishing, it can be difficult to tell what’s real and what’s a scam when it comes to emails, so avoiding them is trickier than setting up two-step verification. You might, for example, get an email from what looks like a financial institution with whom you have an account, or even an e-card from a friend, but these can turn out to be scams designed to trick you into providing your bank account numbers and passwords, or to open an email that will automatically download malware that will infect your computer.
The best way to guard against these types of spam scams is to follow the old adage from my high school Home-Ec class: “When in doubt, throw it out.” Just like that week-old Thai food in the fridge, if an email seems like it could be dodgy, don’t take the risk. If you’re in any doubt about the legitimacy of the sender, delete the email before opening it.
If you’re worried that an email actually is from your bank, then get on the phone or go to your branch and inquire directly with a bank representative as to the email’s authenticity. As a rule: no one legitimate is going to ask you for personal or private information over an email, including account and Social Security numbers. In fact, a legitimate organization like your bank will usually tell you never to provide sensitive information via email.
Remember, nothing is 100% secure; we just don’t know how vulnerable a system is until the hackers have given it a run for its money. That includes https sites, which do not guarantee absolute security. If you’re sending money or sensitive information over the web, make double-sure it’s going to a reputable entity, and that you’re on that entity’s actual website, rather than a look-alike site (like a fake Bank of America site, for example) set up to deceive the unwary.
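One way to turn the “actual website” check above into something a staff tool or mail filter could run, as an added example that is not part of the original article. The allowlist, function names and verdict labels are assumptions, and the sample addresses in the comments are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this business really sends money or data to.
TRUSTED_DOMAINS = {"bankofamerica.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_destination(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        return "suspicious", "not an https address"
    if parts.username is not None:
        # In https://bank.com@other.example/ the real site is after the '@'.
        return "suspicious", "text before '@' is not the site name"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "ok", f"host belongs to {domain}"
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        return "suspicious", "encoded international name can mimic Latin letters"
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host:
            # e.g. bankofamerica.com.secure-login.example (constructed)
            return "suspicious", f"'{brand}' used inside an unrelated host"
        if any(edit_distance(label, brand) <= 2 for label in labels):
            # e.g. bankofarnerica.example, 'rn' posing as 'm' (constructed)
            return "suspicious", f"host is a near-miss spelling of '{brand}'"
    return "unknown", "not on the trusted list"
```

A result of `ok` only means the address belongs to a domain you listed; as the paragraph above says, https alone guarantees nothing about who runs the site.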
And, remember, you’re only as safe as the company you keep. If you spend time hanging around on unsecure, spammy sites, you’re more likely to catch some malware. A good browser extension like Adblock Plus or browser like Opera or Epic should tell you if you’re heading into a sketchy-looking neighborhood of the Internet.
There you have it, a crash course to keeping your sensitive information cyber-secure. Start by setting up two-step verification on your email—it’s the easiest thing to do and really makes a difference!