Small businesses are not the most lucrative companies a fraudster can target, and breaching them provides little kudos for the attention-seeking hacker. Most of the sources of danger to your business are therefore not complex attacks, but are simple threats based closer to home. It is more likely that someone you employ will be fooled into opening an attachment that unleashes rogue computer code that can delete your data or turn your mail server into a spamming engine.
Cloud computing is another seemingly complex security issue – but it really comes down to choosing a trusted service provider and ensuring your people stick to security protocols.
If you put the right processes in place, and use the right devices, mistakes and temptation can be minimized. Eliminating the sources of those breaches can simplify security and neutralize most threats. Here are some simple practical steps you can take.
1. Change your passwords
This is the easiest and simplest way to avoid a breach. The mobile phone is arguably a small business’s most important strategic tool, but many people never change their default voicemail password. As a consequence, any rival, criminal or newspaper reporter can easily pick up their messages, find out who they are talking to and try to exploit the situation. Every employee should choose a PIN that is meaningful to them – but no one else. The same holds true for landline voicemail and conference-calling facilities.
2. Secure your WiFi network
It only takes a minute to impose password access on a WiFi router, whether it’s WEP or WPA, the latter of which involves slightly more effort but gives an extra level of security. However, many businesses don’t bother. That’s fine, if you don’t mind the fact that anyone can jump on your network, copy or delete your files and use your bandwidth. There are technophobe-friendly instructions for securing your WiFi network online, only a Google search away.
3. Refine your social strategy
Social network platforms such as LinkedIn, Facebook and Twitter are a godsend for small businesses. They are a cheap and user-friendly way for your staff to talk to your customers. But their informality is often the downfall of employees and businesses alike. The recent publication of hacked LinkedIn passwords by an online magazine for fraudsters could have been a disaster for the many people who use the same password for every site. Do impress on employees that they must act professionally at all times, remembering that they represent the business and have a duty to protect its interests. Also, remember to change all default privacy settings, especially on Facebook, which has a labyrinth of choices. Think about who and what apps you want to be able to access and post on your page, and tailor accordingly.
4. Change the default settings on your employees
People come with a default setting called “trust.” This is why many can be conned into believing that a complete stranger might send them an attachment with a free game, introduce them to a multimillion-dollar business opportunity or offer them a free iPad3. Change this default by teaching your staff to question the motives of any unfamiliar communication. Advise them to hover their mouse over all hyperlinks before clicking on them. That way, they can see the real destination that the link – supposedly from their bank – is about to take them to.
5. Automate security with control on a stick
As we have seen above, simple steps (such as changing passwords) often seem like too much work for users. More complicated disciplines, such as file encryption and remembering complicated routines for ID verification, are even less likely to be observed. As business is constantly evolving, new opportunities can bring new dangers. The increasingly popular file synchronization services like those offered by Dropbox and Google are an easy way for our increasingly mobile workforce to share files, but they’re proving a malware spreader’s dream. If in doubt, disable them! And with cloud computing in general, ensure you choose a service provider who is well known and who has robust measures in place to protect the physical servers on which your all-important data is stored.
Preconfigured code on gadgets such as encrypted memory sticks and smart cards is therefore an easy way to enforce the right habits. They can unlock doors (through verification) to the right people, and deny access (through encryption) when necessary. It’s like having a security guard in your pocket. Single passwords are easy to crack – especially if the criminal knows the name of your first pet or they’ve read your password on a fraudster’s forum. Two-factor authentication multiplies the complexity of cracking your password infinitely, so hackers will find an easier target.
As a rule, if you can’t close something down through the settings, find a trusted security app or a gadget that will do it for you.
- Secure your phones, wi-fi zone and social networks
- Program your people, getting them to choose secure passwords and change them regularly
- Remember the old African proverb: speak quietly but carry a big stick – in this case, an encrypted memory stick.