Guest post by Jennie Lyon, Founder @ jennielyon.com
Russian hackers, Anonymous, internet trolls with a grudge, independent criminals looking for a quick payday – the world is full of not-so-benign threats to your business.
When you get hacked, it hurts. Maybe not $5 Billion hurts, but it hurts nonetheless. It’s a distraction, it’s usually not free to fix, and it keeps you from focusing on your business.
There are a few free or cost-effective ways to mitigate your business’ exposure.
Preventing Fraud & Identity Theft
Not every scam is as obvious as receiving an email from a mysterious “Nigerian Prince”. More and more sophisticated phishing strategies and identity theft scams are being used every day.
Just ask the dozens of call center employees recently arrested for defrauding more than 1,500 people in an IRS scam.
Be careful about following links from your email. Just check the URL to see if it matches the official website for any given company, it’s a simple step that could save you.
Never give your credit card information to anyone who phones you, and always phone the official bank or company telephone number yourself.
NEVER give your password to anyone, ever!
Using weak or default passwords is one of the single biggest security holes in business today.
Trivia: In the 1995 cult-classic Hackers, what is claimed to be the most common administrator password? (answer at the end of the post)
Unfortunately, people choose passwords they can remember. These tend to be shorter, made up of dictionary words, and use only the letters of the alphabet.
They also re-use the same couple of passwords for every account they have, with services that have varying levels of security - and risk of being hacked.
Ideally, you should be using a password manager to generate a unique password for every website you use.
The longer the password, the harder it is to crack using brute force programs. Even harder when you include special characters and numbers in randomized order, avoiding patterns at all costs.
Services like LastPass and Dashlane will keep all your passwords in one place, secured by a master key that only you know.
Password managers add value by generating unique passwords for each service you store credentials for. Many also enable you to share your account access with team members, without revealing the password.
Encryption dates back to ancient civilization. Put simply, encryption is the practice of obscuring information behind a method and/or key that will help the recipient make sense of it.
In modern terminology, you can basically think of encryption as a method of protecting electronic communications and data using complex algorithms.
Encryption is built into a lot of the processes and devices we use every day. Everytime you send an iMessage from your iPhone, it’s encrypted and completely indecipherable to hackers, unless they have your pin, password, or thumbprint.
Emails are encrypted when we send them, assuming you’re using a secure email service. You can encrypt and password protect documents such as PDFs or files in a ZIP archive too.
Encryption is a broad and immersive topic, and you should definitely read up on it some more.
The main lesson here is, do your best to use services that encrypt your information. Most of the time it’s just a simple decision to use iMessage instead of an alternate platform, sometimes you might have to pay for it.
A short list of encrypted communication services:
- Signal (Free)
- iMessage (Free, iPhone only)
- WhatsApp (Free)
- ProtonMail (Freemium)
- SendInc (Freemium)
If a document has personal or business contact information, contains signatures, proprietary information, or other sensitive material, you can’t just throw it in the recycling bin.
Unfortunately unscrupulous employees, trash pickers, and identity thieves often go through improperly disposed of documents for anything they can exploit.
This is another reason why digitizing documents is so useful, digital copies can be password protected and encrypted, while the originals can be destroyed.
This cuts down on the number of important documents which need to be stored in hardcopy, and limits exposure to unauthorized copying or outright theft.
It’s important to oversee destruction of documents yourself, or have it taken care of by a trustworthy company. HIPAA compliance is a strong signal that the service you’re using is up to the highest standards.
Multi-way shredding prevents simple piecing together of destroyed documents, and appropriate disposal or destruction measures should always be taken.
The Old-Fashioned Approach
For those documents which you need to keep hard copies of, there are always secure office storage and secure off-site storage. A good locking file cabinet would do the trick with contracts and other slightly less sensitive material that you might have in large quantities.
However, those are obviously not thief-proof. If there’s something really valuable inside it’s not hard to get past these limited security measures.
A modern, high security safe is a good step up in protecting your most important documents, like: personal identification, fundamental business records, intellectual property, and the like. Make sure whichever safe you invest in is fireproof and waterproof if possible, and installed correctly.
Whenever you’re looking at partnering with any kind of business services, it’s within your rights to investigate their security measures.
Many business-class services will have a page dedicated to their focus on security. Don’t be afraid to inquire for more information.
If you’re shopping for enterprise solutions, then a security questionnaire is par for the course. Your due diligence can end up saving you a lot of trouble in the end.
Trivia Answer: There were actually four - “God”, “Love”, “Sex”, and “Secret”.