Is Your Business Cyber-Secure?


As a small business owner, you have many things on your mind. You create offers for potential customers, make service calls, and do most of the back office paperwork in the evening when you come back. You have no doubt heard the news that companies are being hacked by cybercriminals who encrypt computers and then extort a hefty ransom to restore the data. In other attacks, client information was stolen or bank accounts emptied.

While it is difficult to completely prevent such an attack, these thirteen steps can help make your business more cyber-secure.

Your Device

  • Keep the operating system on your device current.
    Regardless of whether you use Microsoft Windows, Apple macOS, Google Chrome, or a smartphone, any software can have security gaps that cybercriminals can exploit in an attack. However, if Microsoft, Apple, or Google notices a bug in its software, it also quickly provides an update, a so-called patch, to fix it. The first step to making your business more cyber-secure is to implement these updates immediately. It usually takes just a few minutes to download the new version and update your device.

  • Use antivirus software.
    Everyone uses the internet during the day to find information. But how do you know if the site you want to visit is not infected with malware? As a user, you cannot. But a computer program can. Such antivirus software monitors your browsing activity and immediately intervenes before malware can damage your computer. Not all antivirus software is equally effective, especially when it comes to the free versions. Sometimes, it is worth spending a few dollars a year to build a solid defense. Norton, McAfee, and Kaspersky offer reliable cybersecurity products that protect your computer.

  • Stay away from public WiFi.
    You have likely been in situations where you needed to change an offer or pay an invoice, and the only way to access the internet was through public WiFi in a coffee shop or a hotel room. Please avoid using public WiFi under all circumstances. You do not know who is secretly reading what you are typing. For example, a security camera behind you in a restaurant could focus on your keyboard as you type your password. Or the name of a WiFi network can mislead you to think that you are connected to the hotel's WiFi network. In reality, you have connected to a hacker's hotspot. If your office is your car, you should invest in a SIM-card-enabled laptop or tablet. The connection is much more secure, and you can do the work from your vehicle or a hotel room, away from prying eyes and dubious hotspots.

  • Minimize the use of apps on your smartphone and tablet.
    With all the apps you can download for free on your smartphone or tablet, you have to ask yourself how the app developers make money. They sell your data. Unfortunately, they often do not limit their data-gathering efforts to their own apps but widely collect information from your entire device. How these recipients use your data is entirely unclear. As a precaution, delete any unnecessary apps or games from your devices and leave only those apps you absolutely need for work.

  • Be suspicious of file attachments or links in emails.

    • File attachments such as documents or photos can contain malware that can infect your computer if you click and open the attached file. You won't notice when your computer gets infected. It happens quickly and in the background.

    • Links embedded in malicious emails work differently. They may look legitimate. However, when you click on one, the link will secretly redirect you to a hacker-controlled site that infects your computer with malware before redirecting you to the web page you originally wanted to see.

    I recommend not clicking links in emails or opening file attachments unless the antivirus software has checked them first.

  • Don't dial telephone numbers listed in emails.

    You will likely also receive emails claiming, for example, that your password has been stolen. These phishing emails often want you to call a particular telephone number listed in the email to solve the issue. Please don't do it. If the email appears to be from your bank or a party you deal with regularly, first try to verify the contact information by checking the phone numbers listed on your bank statement or the bank's website before taking any action.

  • Regularly back up your data.

    Whether you store your data in the cloud or on your computer, I recommend backing up at least your mission-critical data regularly. These are all the documents your company cannot operate without. At a minimum, I recommend keeping a copy of your current accounting information, your customer list, your vendor list, and documents related to your cost and price information. For more information, see my article: Do You Backup Your Data?

Your Website

  • Take ownership of your digital assets.
    Digital assets are as valuable to your business as your physical assets. You paid a graphic designer to create your logo, a photographer to take pictures of your products, and a copywriter to craft the texts on your website. Losing this information would be a colossal blow to any business. Therefore, you need to take control of your digital assets. When a web designer maintains your website, have them transfer the ownership of your site and domain name to you. You can then invite them back as an administrator to manage your site. For more information, see my article: How to better protect your digital assets.

  • Use strong passwords.
    Passwords are impractical, but they play an essential role in keeping your content secure. Passwords are considered strong if they are at least twelve characters long and consist of numbers, symbols, and upper- and lower-case letters. Avoid one-word passwords found in a dictionary. Hackers try these words first. Instead, use sentences of several words that cannot be traced back to anything you have experienced and make no sense on their own.

  • Activate two-factor authentication.
    Many internet services offer two-factor authentication. In addition to entering your password, you will receive a numeric code via text message (the second factor). You must enter this code before you can access the service. Since this second layer of authentication is independent of your password, it becomes more difficult for cybercriminals to steal your information.

  • Activate your SSL certificate.
    You have probably noticed the small lock symbol next to a domain name. It signals to a user that the data traffic between their browser and the website they are visiting is encrypted. If your browser instead shows "Not Secure" next to your domain name, you should ask your web designer to activate your SSL certificate. Please also read my article on this topic: Why does my browser show "Not Secure"?

  • Activate CAPTCHA.
    If you operate an online store or, like me, offer visitors the option to subscribe to a newsletter, sooner or later, you will be the victim of fake accounts. As robots continuously search the web, they create new accounts with stolen email addresses, tarnishing your brand. To ensure that a human and not a robot has created the account, you can activate CAPTCHA on your site. The check-out process is only complete when, for example, your customer has identified crosswalks in a set of images, a task that a computer cannot perform. More information about CAPTCHA can be found in my article: CAPTCHA!

  • Insure against cyber liability.
    With increasing cybercrime, many insurance companies are now offering cyber liability insurance. These policies typically cover your company against data loss, the cost of recovery, extortion, legal fees, and regulatory fines. However, as a condition of coverage, these insurance policies, at a minimum, require your business to have proper security protocols in place and use antivirus software.

Following these best practices and precautions may not completely prevent your company from being hacked. Still, they make it more difficult and time-consuming for cybercriminals to find a vulnerability that they can exploit for their attacks. With this in mind, be careful and never let your guard down.