Running a business in the Internet age, you’re bound to face security challenges that simply didn’t exist in the past.
In the good old days, at most, you needed an alarm system on your building, a lock for the file cabinet, and maybe an armored car service if you dealt with significant quantities of cash. Now you need all that plus a network firewall, a secure server, and an encrypted database for sensitive records.
If you have an online presence (and you probably should), then your small business is a potential target for hackers.
Password security can easily be the most vulnerable aspect of your business. A crook with your online banking password can rob you blind and ruin your credit in a matter of minutes.
But the biggest problem with passwords is that there are far too many of them. Think about the things in your life that are now password protected: Work-related files, mobile phones, home computers, tablets, bank cards and online banking sites, social networks – the list goes on.
Hackers are increasingly (and sadly, often successfully) pursuing websites, services and businesses with less robust security – consider the Sony, Sega, and Gawker/Gizmodo hackings a few months ago. Hackers specifically target the usernames and passwords obtained on “higher value” sites and services, such as Yahoo and Gmail accounts, Facebook, PayPal, and even online banks and other financial services websites.
So how can you keep track of your ever-growing list of usernames and passwords while staying safe and secure at the same time? Here are some basic steps:
• Don’t use the same username/password combination over and over. Use a different one for each new service you sign up for, especially if it is a site for email, online banking, retirement accounts, insurance or health care.
• Use strong passwords. Strong passwords include eight characters or more, not just letters and numbers, not a single word in the dictionary, not a birthday, not your anniversary, and not a person’s name.
• Be creative. An easy way to create a strong password is to think of it as a “passphrase” instead. Put a couple of short words together with spaces or dashes in between (”car-park-city” or “dog likes toys”). A passphrase like this is much easier to remember than a secure password like “K8h&j#s!M” and provides roughly the same level of security.
• Be especially careful about protecting access to your email address. Why so important? Because you reset passwords using your email. You just click the “Forgot My Password” link on the login screen of a website and you get an email allowing you to create a new one, right?
A thief can do that as easily as you can. He creates a new password to your account, and boom: he has access to your account and you don’t anymore. Then he might delete the confirmation email and you wouldn’t even know your identity has been hijacked until it’s too late.
• How can you remember all of those different passwords? Try a password manager, which creates a digital safe for you on your computer or phone. You just remember one single master password, and then you can access all of your other passwords organized by type and category.
The password manager can then log you into websites so you don’t have to type usernames and passwords over and over again. Of course, look for well-reviewed password programs from companies that have a long history of reliability.
By following some of these simple rules, you’ll can discourage hackers from taking aim at your business, because your passwords will be strong enough to make cracking them not worthwhile.
Justin Cepelak is vice president of product management for SplashData, which offers business and consumer productivity applications for smartphones.