Business security is often associated with larger companies where employees spend most of their time in front of computers. This stereotype can lead small business owners – especially ones outside the tech industry – to think they’ll never be targeted by hackers and don’t need to invest in security. It’s a mistake that cybercriminals are exploiting. Even without a traditional office environment or complex IT infrastructure, your growing business needs to take security seriously.
If your team uses the web in any capacity, it’s critical they protect their accounts with strong, unique passwords. Stolen logins are at the heart of most modern attacks. But there are other vulnerabilities and threats to be aware of, some which might be specific to your industry or company structure. So staying informed is critical.
Most businesses are “online businesses”
Restaurants, law firms, and even doggy day spas are all connected to the web. You might advertise online, handle transactions electronically, or store customer data in the cloud. Even simple interactions with the internet can pose a threat if done insecurely. Something as mild as an employee surfing the web at work or using a productivity app on their personal device creates a potential pathway to sensitive information.
E-commerce is a key example. Today, selling products or registering customers online is a major source of revenue for small businesses. It’s evolving from an option to a requirement, which is why most startups have a company website at least. But along the way, the shift created security threats for both businesses and customers. For instance, according to one study, 90 percent of login attempts on e-commerce sites are actually hackers using stolen data.
The internet has revolutionized business, and our world in general. But for every convenience or nifty innovation, there’s a risk you need to be mindful of – that’s all part of the package deal. If you manage a small business, online safety is now as vital as accounting or branding. Done correctly, though, it can be a team effort and can give your customers some crucial peace of mind as well.
Ready to improve your company’s security? Start here:
- Check out our business resources (like our beginner’s guide to cybersecurity).
- Talk with a cybersecurity consultant to help identify and solve your company’s challenges.
The role of passwords in keeping your company safe
No matter the industry (yes we’re still talking to you, doggy day spas), most data breaches are traced back to some human oversight – not an outdated computer or network glitch. For example, when an employee opens an unsafe link from an email or website, or uses weak and predictable passwords.
If your team is working remotely or in various locations, you amplify these risks. Even with an expert IT team – which might not be anywhere in your plans – good security habits are the best way to prevent cyber attacks. Without these habits, no amount of expensive software will close your security gaps.
You should nurture safe password habits by making them a part of your company culture. Just like employees know to turn the lights off when they leave, they should follow basic security steps to strengthen their accounts. Whether for devices, work software, or personal online accounts, each login needs to have a long, random, and unique password. The 1Password Strong Password Generator can be a trusty tool, and it’s free to use.
Of course, creating these passwords is only half of the solution. What about remembering them? The thought can be enough to turn many employees off, so they use their same old passwords over and over. You can fix this with a teamwide password manager. 1Password gives employees a convenient way to generate and save unique passwords for all of their accounts. It’s more secure than scribbling them on paper or saving them wherever on their desktop – leaving them ripe for stealing.
If your team uses shared devices – like a restaurant point of sale (POS) system, retail computer, or warehouse tablet – you need to ensure that everyone uses them securely. You might be using shared logins, or have separate accounts for each employee. Regardless, make sure you’re using strong, unique passwords wherever possible. Additional verification like two-factor authentication (2FA) can help ensure that users are who they say they are. You might even ask employees to sign confidentiality agreements or other privacy waivers during their training, when they’re brought into your “circle of trust.”
Create a security strategy that fits your business
Different business models have their own set of security considerations. Troublesome activity can rear its head in both the digital and physical space, and put your business and its customers at risk.
For example, Costco Wholesale – a major retailer with more than 800 locations – recently reported a serious data breach due to a credit card skimmer placed at one of its Canadian warehouses. The device reportedly helped an attacker steal customer payment information and make fraudulent charges on these accounts.
Credit card skimmers – and the more modern shimmers, which target chip cards from inside card readers – pose a risk to any business that accepts credit cards in person. There’s also a new trend of online card skimming that hijacks payment windows on e-commerce sites, and presents customers with a fake payment form to fill out. So any amount of online sales needs to be monitored and regularly reviewed with security in mind.
Every business is different, and you need to tailor your approach accordingly. If you don’t already have one, assign an individual or small team as the “security specialists” of your small business. These employees can take the lead on writing and sharing security guidelines with the rest of the team, checking for suspicious activity, and responding to incidents. This can mean asking employees to reset login information for compromised accounts, reaching out to banks or third-party vendors, and updating devices with the latest security patches.
You should also take care when signing up for a new app or third-party service. Make sure it’s a provider you can trust. Look into their security history and check what previous customers have said about them. After all, if the vendor is ever breached, your company’s data could be exposed. If an incident does happen with any of your service providers, you should quickly change all of your associated passwords, check your bank statements for unauthorized transactions, and inform your team.
Start protecting your small business today
The biggest mistake you can make is ignoring the issue entirely. Cybersecurity affects every modern business, from the tech startups to the doggy day spas. Stay informed, take the first steps toward securing your team, and keep your business on the safe track. The threats may change, but your dedication to cybersecurity can be something that lasts.