November 30 is National Computer Security Day. If this makes you think of master cybercriminal fiends and complex configurations overseen by a Board, check out the Small Business Administration’s Cybersecurity Training Course. You’ll end up with a clear idea of the steps you should take to ward off criminal masterminds as well as common cyber attacks.
In the meantime, here’s what you can do today to make your business or organization more secure.
A lot of security efforts can be automated. Take an hour and get those automatic systems set up today.
Your website should have secure hosting. That means that your URL should begin with “https,” not “http.” This used to be an expensive undertaking, but you can usually get an SSL (Secure Sockets Layer) certificate for free or close to free now. Contact your webmaster or website hosting company if you don’t already have secure hosting. If you don’t have time to do this today, put it on your calendar for the next time you have half an hour.
You should also have automatic backups for your website and for your internal systems. Many of us run our businesses in the cloud nowadays, and backup is likely to be automatic for your CRM, practice management software, accounting tools, and so forth. Make sure.
Anti-malware software is included with Windows 10. Make sure you have Windows Defender enabled if you use a Windows machine. If you have a Windows machine and you haven’t updated your operating system to Windows 10, that’s a good thing to do today, too.
If you’re not already using a password manager like LastPass or Dashlane, go ahead and set one up. With these services, you only have to remember one password. The manager takes care of all your other passwords automatically. There will be a few days (or weeks) of irritation to deal with as you transition to the system, but then your troubles are over. More about passwords later.
If these changes seem overwhelming, consider getting some help. Managed services can be very affordable.
The weakest link
While some organizations need serious cybersecurity, most data breaches are very low tech. Here are some of the most common ways security problems arise:
- People leave their computers logged in and logged on when they leave their desks for lunch.
- People answer a phone call and give out sensitive information to someone who asks for it.
- People leave a Post-It with their password and user name attached to their monitor.
- People print out sensitive information and leave it on their desk where passersby can read it.
- People share their log-in information freely and casually, using a single password for the entire office.
- People use a single very guessable password for all their log-ins.
You will have noticed the shared variable here: people. People are often very casual about security. Once you’ve made those automatic systems work for you, it’s time to get your team to commit to some sensible security habits.
- Make sure all team members have their own log-in credentials for all software. Don’t share.
- Log out of cloud-based applications and on-premise software alike when you leave your desk. Shut down your computer when you leave for the day or for a lengthy meeting.
- If you must print out sensitive information, get in the habit of filing it when you’re through working with it. Don’t leave it on your desk or toss it whole into a recycling bin.
You’ve seen it in the movies: the detectives sit at someone’s computer staring at the password field. After intense concentration, the most likely password springs into their mind in a flash of inspiration. It’s the name of the girlfriend, the child’s birthday, or that special place the computer owner is so obsessed with. If they were Facebook friends of the subject, the detectives could probably have just remembered that post that said, “I always use my wedding anniversary for my password – hardly anybody knows that!”
In real life, passwords are frequently shared by trusting people. When they’re guessed, they’re generally guessed by robots using brute force attacks. That means that the software runs through lots of random and not-so-random options at a very fast speed until it happens upon the right one. Robots are fast at this and have nothing but time, so it’s a good method for cyber criminals who have a program designed for the purpose.
30-character gibberish passwords are fine, especially if you use a password manager. But passwords like “P@$$w0rd” are hard for humans to remember and easy for robots to guess. Experts say that the very best passwords are strings of unrelated words, like “adjust weather toad.” These are hard for brute force attackers to guess but relatively easy for human beings to remember.
Make sure not to use the same string of words for all your log-ins.
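The password advice above, as an added Python example that is not part of the original article: a check that catches symbol-swapped versions of well-known passwords such as “P@$$w0rd”, next to a generator that picks unrelated words at random and counts how many combinations a guessing program would face. The word list, the list of common passwords and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample data. A real generator would load a published word
# list (for example a 7,776-word diceware list); this one is illustrative.
WORDS = ["adjust", "weather", "toad", "lantern", "copper", "orbit",
         "meadow", "violin", "pepper", "harbor", "quilt", "tundra"]

# Constructed sample of well-known passwords that guessing tools try first.
COMMON = {"password", "welcome", "letmein", "qwerty", "admin"}

# Symbol-for-letter swaps that guessing tools undo automatically.
SWAPS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                       "3": "e", "!": "i", "5": "s", "7": "t"})


def is_disguised_common_password(candidate):
    """True if undoing the usual symbol swaps yields a well-known password."""
    return candidate.lower().translate(SWAPS) in COMMON


def make_passphrase(n_words=3, words=WORDS):
    """Pick words with a cryptographic random source, so they are unrelated."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def guesses_needed(n_words, list_size):
    """Number of possible passphrases a brute-force program must cover."""
    return list_size ** n_words


def passphrase_bits(n_words, list_size):
    """The same search space expressed as bits of entropy."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    print("P@$$w0rd flagged:", is_disguised_common_password("P@$$w0rd"))
    print("Sample passphrase:", make_passphrase())
    print("Combinations (3 words, 7,776-word list):", guesses_needed(3, 7776))
    print("Bits of entropy:", round(passphrase_bits(3, 7776), 2))
```

The combination count only holds when the words are chosen by the random generator; words a person picks because they go together are far easier to guess.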
Take a few steps today and get your team to do the same, and you’ll be more confident about your computer security next National Computer Security Day!