Take These Security Steps

Small businesses are target No. 1 for criminals, and represented 43% of all 2019 data breaches. And small companies rarely have a recovery plan in place. Today, we start changing that.

Small business owners often don’t think much about security. After all, wouldn’t hackers attack the big companies with deep pockets instead? Unfortunately, many hackers target easy prey: companies without adequate safeguards. Hackers can install malware, redirect your website to theirs, freeze your site and ask for a ransom, or take your website down entirely.

How to guard against attacks. Ideally, the right security measures can prevent data breaches and downtime altogether. Here’s an action plan.

  1. Keep your computer and phone updated. That includes the operating system, browser, website plug-ins, and any software you use. Free security patches are released all the time to guard against known threats.
  2. Turn on two-factor authentication (2FA) anywhere you can. This means that, for example, when you log into your bank account, you must also provide a code that’s been sent to your phone via text message. 
  3. Be cautious about who has access to your accounts. Once a year, do an audit to check that you have the appropriate levels of permission on shared accounts, and remove old vendors and employees. For example, review your admin settings on Google Workspace, social media accounts, social media schedulers, email management services, website tools, website hosting company, and office alarm codes.
  4. Strengthen your passwords. Do any of your passwords include the names or birthdates of your loved ones? Pets? Favorite team? Then your password is weak. Start using long, nonsensical, complicated passwords with uppercase, lowercase, numbers and symbols. The FTC recommends a minimum of 12 characters in a password. And don’t reuse the same password across several accounts.
  5. Better yet, use a password manager program. A password manager can create complicated passwords, and store them for you. LastPass is the most popular, and Bitwarden is CNET’s current top-rated option. Some password managers have a free level of service for simpler needs. You can also share access securely with select vendors, like your bookkeeper. Anchor Virtual Assistants uses LastPass to secure sensitive client data.
  6. Sign out of your laptop every time you’re on the move. If your laptop is stolen, you don’t want to be logged in to any accounts, especially your email account.
  7. Talk to your employees and vendors about phishing scams, laptop sign-out policy, and password policies. People are the weakest link in your security armor.
  8. Use the cloud as much as possible. The less information you save on your cell phone or laptop, the less vulnerable it is to theft.
  9. Browse securely. According to the FTC, you should send information only on websites that are fully encrypted. Look for https on every page. The “s” indicates a secure site.
  10. Get a Virtual Private Network (VPN). If you ever use public Wi-Fi for client information, you need a VPN. Some offer a free trial, so you can opt to try one before committing to a one-year or two-year contract. The others offer a 30-day money-back guarantee. For one-year contracts, the top providers (NordVPN and ExpressVPN) are currently charging between $5 and $9 per month.
  11. Consider background checks on new employees. For example, here in California, I had a Live Scan done before becoming a scholar mentor for Oakland Hope. The Live Scan involved me going to a licensed facility, where the staff checked my ID and took my fingerprints, so they could check for any arrest records. The current Live Scan pricing consists of three elements: the fingerprint “roll” service ($30), a state records search ($32), and a federal records search ($17). Total: $79. 
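
The password rules in steps 4 and 5 above, as a Python example added here (it is not from the original article): it checks a password against the stated rules (12-character minimum, all four character types, no personal details), flags reuse across accounts, and generates a random password of the kind a password manager creates. The account names, passwords and personal words are constructed sample data.

```python
import secrets
import string

MIN_LENGTH = 12  # FTC minimum cited in step 4
SYMBOLS = string.punctuation
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": SYMBOLS,
}

def audit_password(password, personal_words=()):
    """Return the step-4 rules this password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    for word in personal_words:  # names, birthdates, pets, favorite team...
        if word and word.lower() in lowered:
            problems.append(f"contains personal detail: {word}")
    return problems

def find_reuse(accounts):
    """Map each password used on more than one account to those accounts."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return {pw: sorted(names) for pw, names in by_password.items() if len(names) > 1}

def generate_password(length=20):
    """Random password from the OS secure random source, retried until it passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(candidate):
            return candidate

# Constructed sample data, not real credentials.
PERSONAL = ["Rex", "2015"]  # hypothetical pet name and birth year
SAMPLE_ACCOUNTS = {"bank": "Rex2015!", "email": "Rex2015!", "hosting": generate_password()}

if __name__ == "__main__":
    for account, pw in SAMPLE_ACCOUNTS.items():
        print(account, audit_password(pw, PERSONAL) or "OK")
    print("reused on:", list(find_reuse(SAMPLE_ACCOUNTS).values()))
```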

How to recover from attacks. Have a response plan. In the unfortunate case of a security breach, laptop theft, or other business-interrupting calamity, downtime is lost income. A solid emergency plan can get you back on your feet fast.

  1. Know how to lock a stolen laptop and cell phone. What data would be vulnerable if your phone or laptop is stolen? Do you know how to lock them remotely, or wipe them, within a few minutes? For Apple fans, read about the available “Find My” features here. Android users can find similar options here.
  2. Have a backup, to minimize the downtime. If your phone or laptop were damaged or stolen, do you have that data backed up? How often is it backed up? Do you know how to access the backup?
  3. Have a saved copy of your website, in case you’re hacked. Ask your web developer about this. If you have a WordPress site, consider getting the UpdraftPlus plugin, which makes backing up easy.

With these easy-to-implement steps, you’ll be much better protected against theft, downtime, and ransomware attacks.

Update: I participate in a professional group that recommends these two services for US and UK background checks: Scout Logic Screening and Oyster HR.