Warning, small businesses — you’ve got bullseyes on your backs right now. They’re not from competitors or upstart entrepreneurs, either. They’re from hackers.
“Most small-business owners take the attitude of ‘Why would anybody care about me? I’m just the little guy,’” Hemu Nigam, founder of Internet security consultancy SSP Blue, told reporters at CNBC. “Hackers love small businesses [because] they don’t have the resources to put in high-end cybersecurity protection, and they may not be consciously aware they are a target.”
This mindset may be changing in the age of high-profile cyberattacks like WannaCry and new threats like ransomware. Studies show many SMBs are spending big to bolster their cyber defenses. According to Cyren’s IT Security at SMBs: 2017 Benchmarking Survey, SMB security budgets have exploded by a blistering 40% over the past two years to keep pace with well-publicized hacking techniques like ransomware and phishing. When surveyed by the Ponemon Institute about where their cyber defenses were lacking, SMB leaders felt they needed more personnel and better technologies to combat these modern-day cyberthreats.
IT security is essential and combatting major threats like ransomware are important. However, in this effort to make their defenses bigger and stronger, are SMBs overlooking (obvious) opportunities to make them smarter?
Are You Leaving the Front Door Open for Hackers?
Verizon’s 2017 Data Breach Investigations Report leaked that over 80% of hacks are the result of weak passwords. As innocuous as they may seem, passwords to things like Office 365 and Salesforce accounts act as the first line of defense for your critical data. Strengthening deeper network security measures like firewalls is important, but without also using even the simplest password protection best practices, you’re effectively locking up your home’s closets and cabinets while leaving the front door wide open.
Here are some password protection tips to pass on to your colleagues and employees:
Don’t Reuse Passwords Across Accounts
Reusing your Salesforce password for your Zoho, Slack and Facebook accounts seems like a simple solution to forgotten login credentials, but it’s also an easy way to give hackers access to your most critical information. After cracking the password on one account, hackers often try that password across a variety of others to see what else they can breach.
Separate Numbers and Letters
Sequential numbers and letters are easy to remember for you and even easier to decipher for hackers. When in doubt, separate the numbers and letters of your passwords so no discernible patterns can be easily identified.
Avoid Changing Passwords Frequently
Experts suggest frequent password changes do little to improve security and prevent breaches. Mark Burnett, author of Perfect Passwords, explained in Wired, “Admins who set password policies are better off requiring longer passwords and letting users keep them for longer, rather than requiring them to change passwords every one or two months.”
Train Your Employees
The Ponemon Institute’s Managing Insider Risk through Training & Culture study revealed that the number-one cybersecurity concern for businesses is employee negligence. Educating your staff about password best practices may seem like a waste of time, but it can go a long way in preventing costly and damaging data breaches.
Use a Password Management Program
Why not let technology handle your password protection for you? There are enough high-quality, low-cost password managers around that it’s worth considering using them at your organization. Some great examples include LastPass, Keeper and Sticky Password.
More Security Insights for Your Workplace Technologies
The buzz around cybersecurity won’t be dying down anytime soon — just look at the panic waves unleashed by Jaff, WannaCry and NotPetya. As a resource-limited SMB, you should always be paying attention to current threats and trends, but don’t forget to address the seemingly insignificant security measures you can control, like passwords.
For more practical insights for securing your workplace technology, check out, “Three Signs Your Phone System May Not Be Compliant.”