Member Article

Top tips on how to protect your SME from hackers

Companies of all sizes are vulnerable to hackers, and while a data breach is a problem no matter what size your company is, for small and medium-sized businesses, it can be particularly acute. That’s because smaller enterprises generally have fewer resources available to investigate a hacking incident, address vulnerabilities and comply with mandatory reporting requirements.

A cyber security incident can generate negative publicity and severely damage a small business by compromising its competitive edge and depleting client trust in its ability to securely handle data. Reduce the risks to your small business by heeding the following and incorporating them into the security guidelines you develop for staff:

• Never use personal information as a password. Avoid using your or a family member’s name, a birthday, your occupation or a sports team name for a password. This information is widely available on social media or public records, making it easy for hackers to find.
• Use complex passwords and change them frequently. A short, all-lowercase password that is also a word that appears in the dictionary is easy to hack. If possible, use a combination of upper and lowercase letters, numbers and special characters (e.g., @, #, etc.) to make it more difficult to guess. Easier still, use a password management system to automate the process.
• Make sure you log off and close your browser after Internet sessions. A hacker can use an open browser to quickly access pages you have just visited, login information and even saved passwords. Always log off and close your browser when you go offline.
• Install the latest software and browser updates. Virtually every platform and all browsers provide periodic updates that can be installed at no charge. Often the primary reason for the new release is to close security gaps. Make sure your business’ software is up to date.
• Create a cyber-security policy for employees. The best way to get employees to take security seriously is to give them training on safe cyber practices. Then ask them to sign an acknowledgement that they understand the policy and hold them accountable.
• Password-protect your mobile phone or tablet. Millions of users don’t take the basic step of establishing a PIN or password to access their smartphone or tablet, which is a huge mistake. Protect your businesses mobile and tablets with a secure PIN or password in case it falls into the wrong hands.
• Create strong passwords using the “keystroke” method. If you find it challenging to remember passwords, pick one you’ll easily recall and then type it in using the key above and to the left of each actual letter. This method transforms “baseball” into “gqw3gqoo.”
• Set incoming mail to be read in plain text only. If you have email settings that automatically allow images to open, hackers can tell when you’ve opened an email. Instead, set your email to open as plain text, and click images only from trusted senders.
• Don’t store a list of passwords. Some people who take cyber-security seriously by creating complex passwords and frequently changing them undermine that effort by saving a list of passwords in an unencrypted file. It’s an open invitation for cyber thieves.
• Maintain a burner email address. Email is one of the primary gateways for hackers, so it’s a good idea to limit the number of people who have your main email address. Create a free account to give out to customers and third parties, etc. This also helps keep your inbox spam-free.

This was posted in Bdaily's Members' News section by Bill Carney .