Is Your Business Making These Common Security Mistakes?


Small businesses are often a target for criminals. Whilst burglaries still happen, the bulk of crime is now digital. Most business owners understand the need to use digital security software and use strong passwords, but there are other security measures that are also important. Here are just a few common security mistakes that you should look out for when keeping your business safe.

Not changing passwords

As important as it is to have strong passwords, it’s also important that you change them from time to time – especially if you share these passwords with employees. Many password breaches are the result of passwords being leaked by bitter ex-employees. If you make sure that you change passwords after an employee has left, you can be certain that they won’t share this private information with the wrong people. On top of this, changing your password simply stops hackers from gaining your password through repeated guesswork.

A strong password doesn’t have to be complex. Password experts have re-evaluated the idea that a password needs to be a random jumble of letters and numbers – these passwords are more forgettable. Instead, try shoving two completely random words together (e.g. MarigoldNarwhal) or using a random date and a word (1938Tambourine) – this is likely to be more memorable and still difficult to guess. You can also throw hackers off the scent by using false answers to security questions (for the name of your first school, use something completely random that can’t be acquired through phishing).

Not backing up data

Backing up data can also be good security practice. If a hacker does manage to get into your files, they may try to hold them hostage with ransomware (this involves threatening to delete your files unless a ransom is paid). Having some files backed up on an external hard drive or on the cloud could make these threats futile.

If you choose to use the cloud, it’s best to use a specialist business cloud server with extra security (you can also use disaster recovery software that immediately blocks access to these cloud files when a hacker gets into your computer). If you choose to put files on an external storage device, make sure that this isn’t left plugged into a computer and that it’s stored in a secure place such as a safe.

Not updating software

What use is digital security software if it’s out of date? New viruses and methods of cyberattack will have been developed that you won’t be protected against. Most security software automatically updates, but some programs may require manual updates (it’s also worth noting that those that are automatic tend to update when the computer is shut down – if you constantly leave a computer in standby, it may never have a chance to update). On top of making sure that your security software is updated, make sure that other software is also updated when necessary, as some of these updates could also make these individual programs more secure.

Not using screening tools

In some trades, it could be worth screening clients to check they are who they say they are. This could include checking photographs or documents. The easiest way to verify customer documents is with specialist screening software. Such software uses the latest technology, including facial recognition, to check a person’s identity against online records. Not only could screening be useful with customers, but it could also be useful when hiring employees.

Not training employees in security protocol

Having a security protocol in place is useless if your employees haven’t been trained in how to implement it. Many cyberattacks are the result of employees making silly mistakes such as clicking on links in suspicious emails or giving someone private details over the phone in the belief that they are someone else. Whilst you yourself may know not to fall victim to these security slip-ups, your employees may not be as savvy. For this reason, it’s worth running through these security risks – as obvious as they may seem to you – with every new recruit.

There are day workshops in digital security that you can take your staff on to educate them (you may also learn a few things yourself). It may also be possible to create a handbook on security so that people know what to do in the event of a breach or a suspicious email/call.