Online business owners should take hacking attacks very seriously, no matter how they look.
Data breaches, denial of service attacks, or compromised sites used to distribute malware will impact your business, and that includes the small business sector. In fact, small businesses may suffer greater consequences as a result of hacking than a larger company that has the financial and organizational resources to recover.
Ask yourself: could your online business survive if the website were offline for a week, if your email service didn't work for days, or if customer data were compromised, with the reputational (and data protection regulatory) consequences that follow? And that doesn't even take into account time, the most valuable asset you have as a small business owner, lost identifying and solving the problem.
Unfortunately, in the connected world of online business there is no 100% guarantee that your business will not be hacked.
However, here are five simple tips that will make life much more difficult for the would-be hacker …
1. Use a password management system
Passwords are at the heart of most security policies, and of many successful site compromises.
Larger companies are using expensive password management suites to enforce and manage them, while consumers are increasingly turning to password "safes" to generate, encrypt, store and access them. Neither solution suits the small business environment, because they are too expensive and too simplistic, respectively.
However, there are alternatives, such as the enterprise version of LastPass, which has a relatively low cost per user and comes with additional business-oriented features, such as setting minimum company-wide password standards to meet your policy requirements, applying custom policies to restrict access to certain devices, groups, or locations, Active Directory (AD) / Lightweight Directory Access Protocol (LDAP) integration, and real-time synchronization between devices.
2. Two factors are better than one
Even with proper management, passwords are still vulnerable to compromise. For example, if a hacker can access business email accounts or social networks (through social engineering or password reset), they will likely have access to information that will help them get into your business. Simply put, a single password is no longer enough, and two-factor authentication (2FA) or two-step verification should be implemented wherever it is offered.
With 2FA, if someone tries to access the company's services on unauthorized devices (i.e., those that were not used before or were not authorized for further use), they will be asked for a separate authorization code in addition to the typical username/password login. This code can be delivered by an SMS text message sent to a registered smartphone, generated by an approved code generation application, or sometimes produced by a dedicated hardware token.
2FA is an excellent mitigation against hackers who have obtained login data from malware or from third-party compromises and are trying their luck.
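The flow described above (a password alone is enough on a known device, while an unrecognized device must also supply a code from a generator app) can be sketched as follows. This is an added example, not code from the original article: the `login` function, the account layout and the device names are hypothetical, the code generator is standard TOTP (RFC 6238), and the secret is the published RFC test value.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Code for one time-step counter (HMAC-SHA1, RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, at, last_counter, window=1):
    """Return the matching counter, or None.

    Adjacent time steps are accepted to tolerate clock drift; a step that
    was already used (counter <= last_counter) is rejected as a replay.
    """
    current = int(at) // STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        same = hmac.compare_digest(totp(secret, counter).encode(), code.encode())
        if same and counter > last_counter:
            matched = counter
    return matched

def login(user, password_ok, device_id, code, at):
    """Return 'granted', 'code_required' or 'denied' (hypothetical policy)."""
    if not password_ok:
        return "denied"
    if device_id in user["trusted_devices"]:
        return "granted"            # known device: password is sufficient
    if code is None:
        return "code_required"      # unknown device: ask for the second factor
    counter = verify_totp(user["totp_secret"], code, at, user["last_counter"])
    if counter is None:
        return "denied"
    user["last_counter"] = counter  # remember the step so the code cannot be reused
    return "granted"

# Constructed sample account; the secret is the RFC 4226/6238 test key.
ALICE = {"totp_secret": b"12345678901234567890",
         "trusted_devices": {"office-pc"}, "last_counter": -1}

if __name__ == "__main__":
    print(login(ALICE, True, "new-laptop", None, 59))      # code_required
    print(login(ALICE, True, "new-laptop", "287082", 59))  # granted
    print(login(ALICE, True, "new-laptop", "287082", 59))  # denied (replay)
```
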
3. Policy matters
Many small businesses mistakenly assume that they do not need a formal security policy, but these documents are not just for large enterprises. Even the smallest SMEs will benefit from having this type of plan, and they are easier to create and implement than you might think. In fact, if done correctly, it will be the backbone of your overall security posture.
The trick is to understand that it is more than a formal document to be filed away, collecting dust; it should be seen as a dynamic tool to help you understand what data security means to your business and the basis for a structured response to identified needs. The best security policy will detail not only how to protect your data, but also how to react when things go wrong. Establishing an incident response strategy while heads are calm is much better than trying to fix things in the heat of the moment.
4. Education, education, education
Social engineering remains a major threat to data security and small business sites, whether it's targeted trojans or spoofing aimed at certain staff members, broad social media profiling of the business in order to look like a real customer, or, worse, blended attacks that combine all these methodologies. Fortunately, all this can be combated with employee education, which goes beyond just using hardware / software solutions.
Make sure your staff do not open the door to the bad guys and let them walk away with your valuable data, by making sure they are aware of both the value of the data and how its security can be compromised. Once this knowledge exists, staff can mitigate the risk by simply changing their behavior. In fact, the smaller the company, the easier this will be to achieve, because the cost of maintaining awareness is directly proportional to the number of staff you have.
5. Don’t forget the simple things
At the risk of sounding condescending, the simplest anti-hacking tip to offer a small business is to protect your network. Really. It's not something that requires a fully certified geek genius; it just requires taking care of the little things.
So make sure you have antivirus software installed and keep it up to date, apply updates to your operating system and applications with religious fervor, and control who can access what data.
Most staff will not need full access to everything, so apply the "need to know" rule: if an employee can do their job without using a particular system or data, access to it should be blocked. The same should apply to visitors, unless there is a very good reason to allow them access.
Remember, if you reduce the number of people who have access to your data, you reduce the chance of the bad guys using that access as a way to steal it.