Swift action
"A chain is only as strong as its weakest link"
Abi Gatling
Yikes!
Here are my 5 top tips for creating a more secure environment for your business accounts:
1) Set up Two-Factor Authentication
The very first, and most simple tip, is to set up two-factor authentication (2FA) on all of your online accounts.
2FA is a system that requires two separate, distinct forms of identification in order to access your accounts.
That means that in addition to using a password, you also have another method to check your identity.
The second method (or factor), could be a text or email with a code sent to your phone or email account. Alternatively, it could be through an authentication app on your smartphone or tablet.
Often these codes expire if not used within a certain time period, which means that hackers can’t spend hours guessing the code to get into your account.
2FA is one of the most effective ways to secure your accounts, and most programs have this option available. So, don’t hesitate – do this today!
2) Have Strong, Unique Passwords
Weak passwords, ie. passwords that are common or easy to guess, seriously put your online security in jeopardy.
Likewise, having the same password for every account means that once one password is compromised, all of your other accounts are at risk too.
I recommend having a different, strong password for every account.
So what is a strong password?
A strong password is something that is not easily guessed, one that doesn’t follow a clear pattern and includes a mix of numbers, letters, capitals and punctuation.
Some weak passwords to avoid are:
- variations of 123456, 123456789, abc123
- common words such as qwerty, admin or password
- the name of your company or staff member
The most commonly used password is 123456. Are you guilty of using this?
3) Share Passwords Securely
While best practice is to have different log-ins for each staff member, the reality is that this can quickly add up and become too costly for a small business.
So, if you cannot provide different accounts for each member of your team, you need to find a way to securely share your passwords with each other.
And no, this is not by creating a Passwords folder on your drive or by having them written on a post-it note on your desk (seriously!).
The best way to do this is with an encrypted password manager. This will allow you to share log-in details securely, and keep them up to date easily.
I recommend using LastPass. It is one of the most commonly used password managers around, and it has a great free version available.
There are other alternative password managers out there, but be sure to do your research first before handing over all your data!
4) Review and Update Your Security Regularly
No matter how many great security measures you put in place, there will always be slip-ups that render your data insecure.
So, in addition to my tips above, I also recommend that you regularly review your accounts for any suspicious activity.
Lastly, update your passwords every so often, including every time you have a change in your team members or if anyone loses a device (eg. by leaving it in the back of an Uber!).
5) Create Security Rules for Your Team
And lastly, once you have enacted my tips 1 – 4, the final step in boosting the security of your business accounts is to have your team on board in helping manage these risks.
I recommend that you have some guides, rules or minimum security standards in place for your team. Then, ensure that your team are aware of these rules and are shown how to enact them.
In addition to my tips above, your guides could also include:
- statements around password security (eg. never writing a password down)
- advice on how to identify scam or fraudulent emails
- rules around installing software on business assets
- ensuring that all devices have an auto-lock setting activated and are secured with a password
For best results, these security rules for your team should suit the context of your working environment (ie. be practical to manage), and should also include any industry or legislative requirements (I’m looking at you, Financial Planners!).
I recommend that these guides are reviewed and discussed periodically in your team meetings, because if the team isn’t on board and compliant, then this will jeopardise your security.
Best of luck with your internet security! If you would like to know more, subscribe to our newsletter or book a time to chat.