There are an increasing number of stories focused on the danger for small businesses of not being secure online. The influx of malware and ransomware and the fact that 70% of all cyber attacks are against small businesses rightfully have a lot of small business owners concerned.
But, the reason for these risks are surprisingly simple in most cases. The vast majority of hacks are because of human error or small security holes that can be easily patched - primary among them, password management.
To address this issue and ensure your business is prepared against common hacks and social engineering that target user passwords, here are some of the most common problems faced and how to address them:
Employees Using Their Own Devices
More than 70% of employees access company data from a personal smart phone or tablet at some point. These devices are not always secured the same as your company computers and there's no way to manage their use of passwords or to ensure they avoid open public networks.
A strong BYOD policy can ensure employees are more rigorous in protecting company data, and that they use the password manager or system that you put in place to protect against data loss.
Shared or Default Passwords
Default passwords setup during development or when a new account is created are often not changed, and worse, they can be shared easily between users. In small organizations and startups especially, this is a common problem as software seats may be limited or resources may be shared from a single account.
Ensure all users have unique passwords that meet strict guidelines and that they are updated regularly. Default passwords should require update immediately upon account creation, and you should utilize a password manager for all account sharing, and cloud storage for file access sharing.
Passwords Aren't Secure to Start
One of the most common problems with passwords is that they are generally easy to guess. Many people erroneously think that a short password with lots of different character types is secure, when in reality the only way to ensure a truly secure password is to make it at least 14 characters long and somewhat arbitrary.
Random password generators can ensure you have this for all passwords, but without a password manager to organize them, they become impossible to remember and quickly revert for many employees to something simple.
Untrained Employees Posing a Risk
The single most common access point for hackers is your staff. Social engineering through unsolicited attachments, spoofed phone calls, or even looking over the shoulder of someone in a coffee shop leads to more hacks and data loss than malicious data breaches. Train your employees to spot phishing emails and protect with common sense procedures and best practices that you can followup on.
With the right combination of password management, training, and procedures for your business, you can greatly reduce the risk of a hack and data loss for your business. The reason so many hackers target small businesses is that they are easy targets without the protocols of enterprise level organizations. Remove the low hanging fruit, and you can keep your company much safer from cyber risk.