When it comes to cybersecurity and IT, it pays to be proactive—simply waiting for the next disaster to strike is not a very smart way to protect your data. First and foremost, all of your company employees should remain alert and security-conscious—the weakest link in the security chain is always humans. That may take regular training and constant reminders, but it’s worth the effort. Second, there are simple preventive steps that you can take to keep out intruders and lock down your data. They may seem obvious, but we should never take cybersecurity for granted. Below, read up on the small, simple things you can do to secure your today in 24 hours.
1. Always Update Your Devices
Every computer with an operating system gets regular security updates—including Mac and Microsoft Windows. These updates are required, not optional; just because you have antivirus software installed on your computer doesn’t mean that you can bypass your security updates. Updates deal with software vulnerabilities that have nothing to do with viruses. Security patches are part of the lifecycle of every device and every piece of software (and firmware). That includes all of the software on all your computers. It includes your smartphones and tablets, as well as all the Internet of Things (IoT) devices around the world.
Managing these updates can be a major hassle for hardware and software vendors, but as gaps in code (vulnerabilities) are found, updating is almost always the best way to address the risk associated with those devices. For bonus points, research vendors before buying their products to see what priority they assign to protecting their users. Certain platforms (such as Android) have large differences from manufacturer to manufacturer in this regard.
2. Use Strong, Unique Passwords
The first rule of password management is to use different passwords for all your logins. If you’re using the same password for every application that you log into, you’re putting yourself and your data at risk. Suppose a hacker gets a hold of your email password. With that, he or she immediately has access to much more than you’d expect: your social media accounts, your bank account, your cloud applications, your company website. And all of these sites likely use your email as a recovery option to reset passwords.
Now, there are plenty of other no-no’s that you’re probably already aware of, such as: don’t leave your passwords on sticky notes on your computer screen. Stay away from birth dates, your address, your Social Security number, your pet’s name—anything that a curious criminal might be able to discover by investigation.
But the problem with using a strong password is that it might be too good. If it’s so complex and meaningless that you can’t remember it, then you’re in trouble. One way to generate a strong password in your own mind is to make it as long as possible, within reason. For example, “pinkelephantslovejuicycarrots” is difficult to crack, but still easy to remember. You can add in special characters or random capitalization to make it even stronger.
You can come up with your own method to create a unique password—the aim is simply to make it something that neither a hacker nor their sophisticated software could easily figure out. Just make sure your password is strong, unique, and somewhat easy to remember.
3. Store Passwords in a Reputable Password Manager
A password manager can generate strong passwords for all your logins, and you’ll only have to remember one password. Just don’t forget the login to the password manager! There are some good password managers on the market, like 1Password, that offer strong protection from cyber criminals. When you don’t have to remember every single password, you’re free to generate random passwords of more than 20 characters that are ultra secure! With many password managers, even if your passwords are stolen, they should be encrypted and cannot be used. Do your homework and compare products so that you can make an informed decision.
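The two approaches described in sections 2 and 3, a long memorable passphrase and a manager-style random password of more than 20 characters, side by side as an added example (not code from the original article). The word list is a small constructed sample, and the entropy figures assume every word or character is picked at random rather than chosen by a person.

```python
import math
import secrets
import string

# Constructed sample list for illustration only; a real passphrase list
# holds thousands of words (the Diceware list has 7,776).
SAMPLE_WORDS = ["pink", "elephants", "love", "juicy", "carrots", "quiet",
                "river", "marble", "lantern", "orbit", "velvet", "thunder"]

# Letters, digits and punctuation: 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=24):
    """Manager style: every character comes from the OS secure random source."""
    if length <= 20:
        raise ValueError("use more than 20 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(words, count=5):
    """Memorable style: the words are picked at random, not by the user."""
    return "".join(secrets.choice(words) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Guessing effort in bits when each pick is uniform and independent."""
    return picks * math.log2(pool_size)


def compare():
    """Entropy of each approach, rounded to one decimal place."""
    return {
        "24 random characters": round(entropy_bits(len(ALPHABET), 24), 1),
        "5 words, 7776-word list": round(entropy_bits(7776, 5), 1),
        "5 words, 12-word sample": round(entropy_bits(len(SAMPLE_WORDS), 5), 1),
    }


if __name__ == "__main__":
    print(random_password())
    print(random_passphrase(SAMPLE_WORDS))
    for label, bits in compare().items():
        print(f"{label}: {bits} bits")
```

The passphrase is only as strong as the list it is drawn from: the same five-word length gives very different results for a 12-word list and a 7,776-word list.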
4. Use Multi-factor Authentication (MFA)
If you really want to protect an application, multi-factor authentication offers something extra. MFA was created to enhance security beyond simply using a password. It uses a combination of three possible factors:
- Knowledge factor: Something only the user knows
- Possession factor: Something only the user has
- Inherence factor: Something only the user is
Usually, applications only require two of these three factors, which is known as two-factor authentication (2FA). Many websites are now using 2FA to increase login security. Your bank, for instance, may ask you for something you know (your password), then send a one-time code to something you have (your smartphone). Of course, problems arise when your phone is not available. Potential complications aside, it’s smart to use 2FA as often as possible. Finally, biometric identification is a form of inherence factor. IT professionals who need to authenticate at the door of a data center may be asked to provide a hand scan along with the use of a password code to enter.
Today, MFA should no longer be seen as optional. It’s a critical control that drastically increases the difficulty of compromising an account.
5. Back Up Your Data
This simple practice has been around for ages, especially in the tech world. It was common practice in the early days of computing to include a regular backup schedule as part of business processes. The schedule might include end of day (EOD), end of week (EOW), or end of month (EOM) backup. Now these processes can be easily automated. Unfortunately, many small businesses are lax in this area and do not create these automated processes in the first place. And when they have lost their data for whatever reason, they have no backup on which to rely. Backing up your data is Security 101 for small- and medium-sized businesses.
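One way to automate the EOD/EOW/EOM schedule described above, as an added example that is not part of the original article. The Friday week end, the retention counts and the sample dates are assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumed retention policy, not from the article: copies kept per tier.
RETENTION = {"EOD": 7, "EOW": 4, "EOM": 12}


def tier_for(day):
    """Classify a backup date as EOD, EOW or EOM (highest tier wins).

    Assumptions: the business week ends on Friday and the month ends on
    its last calendar day.
    """
    if (day + timedelta(days=1)).month != day.month:
        return "EOM"
    if day.weekday() == 4:  # Monday is 0, so 4 is Friday
        return "EOW"
    return "EOD"


def backups_to_keep(backup_days, retention=RETENTION):
    """Keep the newest N backups of each tier; the rest can be pruned."""
    kept, seen = set(), {tier: 0 for tier in retention}
    for day in sorted(backup_days, reverse=True):
        tier = tier_for(day)
        if seen[tier] < retention[tier]:
            seen[tier] += 1
            kept.add(day)
    return kept


def missed_days(backup_days, start, end):
    """Days in [start, end] with no backup at all."""
    have = set(backup_days)
    span = (start + timedelta(days=i) for i in range((end - start).days + 1))
    return [day for day in span if day not in have]


def sample_backups():
    """Constructed data: daily backups for Q1 2024 with one failed job."""
    start, end = date(2024, 1, 1), date(2024, 3, 31)
    return [d for d in missed_days([], start, end) if d != date(2024, 2, 14)]


if __name__ == "__main__":
    days = sample_backups()
    keep = backups_to_keep(days)
    print(f"{len(days)} on disk, keep {len(keep)}, prune {len(days) - len(keep)}")
    print("no backup on:", missed_days(days, date(2024, 1, 1), date(2024, 3, 31)))
```

Running the gap check alongside the pruning step catches a silently failed job before the missing copy is needed.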
It would be a mistake to think that data security is too difficult to attempt. Without going into all the nuts and bolts, there are some simple practices that everyone can adopt to improve cybersecurity on a personal and professional level. Taking action in these five low-lift areas is a great place to start.
Ready to start taking cybersecurity and IT seriously at your small business? AaDya can help! Email firstname.lastname@example.org to speak to an AaDya team member today.