Security & Password Management for Small Businesses
Authored by: Support.com Tech Pro Team
1. Small Business Security & Password Management
Security & Passwords
For small businesses, the costs and damages caused by a security and/or data breach can be irreversible, potentially opening your organization to legal issues if customers’ privacy rights are violated. This means that having strong security and password policies are extremely important. The average cost of a single data/security breach for companies in 2019 is 3.92 million dollars.
Mandating that strong passwords be created and used by everyone makes it significantly more difficult for a hacker to break into a system. Strong passwords are usually considered to be at least eight characters long and consist of uppercase and lowercase letters, numbers, and symbols.
Steer clear of dictionary words in passwords. Many times, hackers will make use of sophisticated programs that will search through tens of thousands of dictionary words in an attempt to crack a password. Avoid dictionary attacks by opting to use randomized passwords.
Ensure that different passwords are being used for every account. Using the same password for multiple accounts may be convenient for most users, but it makes those accounts more vulnerable if that password is exposed. Diversifying all account passwords is the safest practice.
Change passwords at regular and set intervals! Keeping the same passwords around for long periods of time is also a security risk in that it allows a hacker to continue 'working' on bypassing it. Changing passwords at a set interval ensures that the existing policies are continuously being met, and will help outwit hackers.
Do not allow password sharing between co-workers! Password sharing makes it harder to establish exactly who is doing what when employees share passwords. Under normal circumstances, if sensitive company data has been altered or if unapproved changes have been made to critical documents and/or data, identifying the user through the account credentials that were used makes this behavior easy to track & manage. If hackers do gain entry to your system, shared passwords make it that much easier to access other parts of your network.
Avoid storing passwords, whether it be digitally or on paper, as such information could be stolen and used by those with malicious intentions. A hacker that discovers a document full of shared passwords in one employee’s Google account can turn a single security incident into a full-blown breach.
Use Password Management Software
The single easiest way to fulfill most of the recommendations above is to employ password management software within your small business. Password management software will generate strong passwords for any account that requires logging in, and will store all of them securely behind a master password. This means there is no longer a need for you or your employees to remember dozens of complex passwords. Putting password management software in place will ensure that all of your accounts are kept secure and will help minimize downtime due to forgotten passwords.
Enable Two-Factor Authentication Wherever it's Available
Two-factor authentication adds a second layer of protection to accounts to go alongside their regular method of logging in. Most commonly, this involves receiving a verification code via app or text message on a mobile device. This means that no one can log into the account in question without physical access to your mobile device, even if they have your password. While this isn't available for every type of account out there, enabling it whenever possible creates a near impenetrable added layer of security.
Secure Your Workstations
No matter what precautions you take, or how strong your passwords are, none of it is safe if a malicious software program is monitoring what you're entering on your keyboard. Always make sure your workstations are secure, up-to-date, and using reliable virus scanning software.
Further Reading
The following guides can help with the recommendations above:
Choosing between deploying a wired or wireless network in a small business environment is not always easy. There are benefits and drawbacks to both approaches. Some of the advantages of using a wired network include:
Security - current Wi-Fi security protocols are notoriously weak and their vulnerabilities have been well documented. A persistent hacker can obtain most Wi-Fi passwords in matter of minutes to hours using freely available hacking tools, and may not need physical access to your building in order to join the network. If your business is regularly transmitting sensitive data over a network (such as credit card transactions, private customer information, etc.), a wired solution would help to keep your data significantly more secure as a hacker would generally need to obtain physical network access. You can also slow down hackers by using best practices for creating and keeping secure passwords.
Speed - while the speed of Wi-Fi keeps getting faster (especially in higher end hardware and modern Mesh networks, which have made network speed differences largely trivial), an average low cost wireless network is not as fast as a wired one.
That being said, many businesses will choose Wi-Fi for its many benefits, including but not limited to:
Cost - entry-level wireless routers cost as little as $30 and do not require massive cable runs behind walls in order to connect devices spread across an office.
Modern convenience - all smartphones, tablets, and laptops have Wi-Fi adapters built in, and Wi-Fi technology allows users to roam while connected to the network.
Configuration - setting up and securing routers from major brands is a relatively painless process.
This is offset by some Wi-Fi disadvantages:
Range / Coverage - the range of your wired network is as long as your network cable runs (and budget) allow, whereas Wi-Fi networks often need to utilize inefficient repeaters/extenders that practically cut your available bandwidth in half, or use an advanced Mesh network which eliminates the problem of cutting bandwidth in order to provide optimal signal strength throughout a building without any dead spots.
Interference - interference can happen at any time from any number of devices or barriers in your building. There are things you can do to fix a slow network connection caused by interference, but centrally re-locating your wireless router / access point is generally the best and easiest fix.
Passwords. Best practices for passwords (don't reuse the same ones, etc etc).
Links for further reading: Are Password Managers Safe? How to Create a Strong Password You Can Remember
Firewalls
Basic concepts (hardware and software), why they are important.
Links for further reading How to Open Firewall Ports on a Router Windows PC Mac
Malware
Overview of threat, what malware can do, how it spreads
Links for further reading How to Prevent Malware on a Mac How to Prevent Malware on a Windows PC
Shared printers
Benefits of wireless printers explained (easy for more devices to print from, no host computer needed, etc)
Links for further reading How to Fix a Printer that Won't Print on Windows 10 How to Fix Printer Issues On Apple Mac
Links to how to set up different printers
Data Backup
Customer data is perhaps the greatest asset in forging unique experiences, however in today's digital world the risk of losing that data is your biggest liability. Small businesses seem to be more vulnerable to data loss as there is a greater reliance on local hardware for data storage. There's also the issue of keeping backup drives locally instead of storing them in separate off-site locations. Hardware failure in these situations could mean extended downtime and data recovery costs in the thousands.
The modern approach to backups is to use the cloud. Cloud is redundant, keeps your uptime high and costs tend to scale with your company's growth. There's also zero infrastructure investment required, it's easy to maintain and disaster recovery is quicker. With such amazing benefits more and more businesses are heading in that direction, opting to take advantage of the sophisticated backup functionalities that cloud service providers offer.
The challenge to make certain that your employees have a secure method of backing up data so that your business is not vulnerable to destructive attacks or data breaches is understandable. There are so many options and nobody can prevent or protect against every type of cyber crime or threat out there, but choosing the right backup method could mean all the difference between success and failure.
IDrive - One account to backup all your business data via remote dashboard. Basic account is free with 5 GB, while the business plan offers 250 GB of storage for unlimited computers and unlimited users for a reasonable fee.
Acronis - Different administrators can be assigned different roles and your backups can be stored in several different locations.
CrashPlan - Allows admins to manage multiple users, change permissions for employees and see real-time reports on activity and storage use.
Arcserve - Manage restores, track cloud usage, schedule backups all from one console. It also has a tool to reduce duplicate files so that your storage isn't eaten up unnecessarily.
Carbonite - Easy to install and use. Boasts easy file recovery for computers infected by ransomware. Monitor online backups and access files from any device via a secure, web-based dashboard.
Whichever backup method you chose, make sure that backups are scheduled to occur regularly and you test them to ensure the process is sound.
delete:
Most breaches happen in North America where the estimated average cost will be over $150 million by 2020. Meanwhile, 43% of these attacks are aimed at small companies and cost $200,000 on average which would sink most businesses.
Write about different data backup solutions (Cloud, software, etc)
.png)
