By Kiersten Todt
Small business owners are constantly reminded of the daunting challenge of protecting their data – including the data of their employees, customers, and partners – from online hackers and scammers. The challenge is real and complex, but some very effective solutions are not.
Focusing on the “core four” issues, the ones that create the greatest vulnerabilities if left unaddressed, will enable small business owners to sleep at night knowing that they are protected from the most likely causes of breaches and related attacks.
Every small business owner should ensure their companies are focused on the following:
- Using secure passwords
- Automating security patches
- Stopping phishing in its tracks
- Ditching the use of USB drives
Address the Core Four
There are many ways hackers will attempt to crack passwords. Hackers usually work against password lists obtained from breached servers.
One method is the Dictionary Crack, where software is used to check a password list against different combinations of common words/passwords and patterns. If the hackers can obtain personal information about the users, then this speeds up the process enormously. A recent study found that 1 in 50 people use their favorite sports team and the current calendar year as their password.
Creating a culture of strong, resilient passwords is a simple and effective way to improve your cyber readiness.
Secure Password Tip: The best password is a passphrase with 64 characters. Passphrases can be easier for people to remember, and they only need to be changed if/when they are breached. Also, people can save the passphrase in their keychain, so they don’t need to type it in every time.
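The "sports team plus calendar year" pattern described above is exactly what a dictionary crack covers first, so it is worth rejecting when a password is set. The following check is an added example, not part of the original article; the word list, the `personal_tokens` input and the function name are constructed assumptions.

```python
from datetime import date
import re

# Constructed sample blocklist (assumption): a real deployment would load a
# large common-password list plus team, product and company names.
COMMON_WORDS = {"password", "welcome", "letmein", "yankees", "cowboys", "arsenal"}

# Undo common character swaps so "p@ssw0rd" is compared as "password".
LEET = str.maketrans("013457@$", "oleastas")


def dictionary_findings(password, personal_tokens=(), today=None):
    """Return reasons a word-plus-pattern dictionary attack would cover `password`.

    `personal_tokens` are names tied to the user (hypothetical input: pet,
    team, employer). An empty result means this check found nothing, not
    that the password is strong. Findings never echo the password itself,
    so they are safe to log.
    """
    year = (today or date.today()).year
    lowered = password.lower()

    # Split into a base and a trailing run of digits/symbols: "yankees" + "2024!".
    i = len(lowered)
    while i and not lowered[i - 1].isalpha():
        i -= 1
    base, suffix = lowered[:i], lowered[i:]

    words = COMMON_WORDS | {t.lower() for t in personal_tokens}
    findings = []
    if base and (base in words or base.translate(LEET) in words):
        findings.append("base matches a common or personal word")
    for y in re.findall(r"(?:19|20)\d{2}", suffix):
        label = "the current year" if int(y) == year else "a year"
        findings.append(f"suffix contains {label} ({y})")
    if not base:
        findings.append("contains no letters")
    return findings


if __name__ == "__main__":
    for pw in ("Yankees2024!", "P@ssw0rd1", "lantern orbit velvet cactus window"):
        print(repr(pw), dictionary_findings(pw, today=date(2024, 6, 1)))
```

A long multi-word passphrase returns no findings here because it does not reduce to a single listed word plus a suffix.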
Automated Security Patches
A patch fixes a known vulnerability in a system, application or piece of software. Patches are released by the system operator but are the responsibility of the user to implement.
One of the biggest challenges organizations face is integrating patching into their processes. Software updates can take time, which makes it harder for you and your employees to prioritize them over your day-to-day work tasks.
Automated Security Patch Tip: Automation (turning on auto-update) is a great way to stay aware of new patches and schedule their installation at a convenient time. Rebooting your computer is another way to ensure patches get installed.
Stop the Phishers
Phishing emails may adopt the disguise of a person or company you know and try to fool you into taking an action, such as clicking a link or confirming sensitive information. For example, a phishing email could take on the guise of your HR officer asking you to confirm your bank account information and warning that your paycheck will be withheld unless you immediately confirm your identity.
Stop the Phishers Tip: Organizations should educate their employees on what to look for in an email to determine if it is a phishing attempt. If an employee has any concerns, he/she should contact the company’s IT expert. Companies should run basic phishing training on a regular basis.
Keep the USBs Away
Like most cyber attacks, a USB attack is opportunistic. Hackers will infect USB drives with malicious software, such as viruses, spyware, rootware and more. All of these can do irrevocable damage to your network as soon as they are installed.
USB attacks rely on human behavior for success. In most cases, the providers of USBs do not know if the USB is infected. Many people will plug an unknown USB into their computer.
Keep the USBs Away Tip: Adopt an online file sharing system that is access protected so you don’t need to use a USB.
You can find more details about launching cybersecurity programs for small businesses on the Cyber Readiness Institute website.
About the Cyber Readiness Institute
The Cyber Readiness Institute is a non-profit initiative that convenes senior business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized enterprises. The Institute seeks to advance the cyber readiness of small and medium-sized enterprises to improve the security of global value chains. The free, self-guided Cyber Readiness Program for small and medium-sized enterprises was launched in December 2018 and is available in English, Spanish and Portuguese. Additional translations will soon be available in Chinese, Arabic, Japanese and French.
Kiersten Todt is the Managing Director of the Cyber Readiness Institute.